X

AEON THAI MOBILE
AEON Thana Sinsap (Thailand) PLC FREE -On The App Store

Open

Privacy Policy

Privacy Policy Statement (For third parties)

AEON Thana Sinsap (Thailand) Public Company Limited

1. Introduction

1.1 AEON Thana Sinsap (Thailand) Public Company Limited (“AEONTS” or “we”) has established and discloses this privacy policy statement (the “Privacy Policy Statement”) as our approach to explain how we, as the data controller, collect, use, disclose or otherwise process personal information of our [vendors, dealers, services providers and business partners, including their authorized directors, representatives and contact persons] and how we protect personal information and properly handle such information once the provisions under the Personal Data Protection Act B.E. 2562 (2019) (the “PDPA”) with respect to the processing of personal information become effective.

1.2 AEONTS recognizes the importance of protecting personal information, and complies with the PDPA and other relevant laws and regulations as well as internal regulations of AEONTS including this Privacy Policy Statement, and AEONTS strives to properly protect and handle personal information.

1.3 AEONTS collects personal information through appropriate and lawful means, and only to the extent necessary to achieve the purpose of utilization. Such collection, use, disclosure or otherwise processing of personal information will be in accordance with the provisions of relevant laws only.

1.4 AEONTS specifies the purpose of collection, use, disclosure or otherwise processing of personal information, and collects such information to the extent necessary in relation to the purpose. In cases where the purpose of collection, use, disclosure or otherwise processing of specific personal information is limited by relevant laws and regulations, AEONTS does not use such personal information beyond such limitations of the purpose. You may find details of purpose of collection, use, disclosure or otherwise processing of personal information in this Privacy Policy Statement.

1.5 AEONTS does not disclose personal information to any third party, except where the person concerned has granted prior consent in that regard, or where disclosure of personal information is based on laws.

1.6 AEONTS takes appropriate security measures for preventing unauthorized or unlawful loss, access to, use, alteration, correction or disclosure, of personal information. When appointing any third party to process personal information on behalf of AEONTS, AEONTS appropriately oversees such third party.

1.7 AEONTS reviews the content of this Privacy Policy Statement as necessary, and strives to bring about continuous improvement such as to our systems and approaches for protecting personal information.

1.8 AEONTS trains and educates our employees regarding the importance of protecting personal information to ensure that they handle the personal information in an appropriate manner.

1.9 AEONTS responds in an appropriate and swift manner to requests for exercising data subject rights, any opinions or requests concerning its collection, use, disclosure or otherwise processing of personal information. Please see relevant details shown in this Privacy Policy Statement or please contact AEONTS at contact details shown below.

2. Personal Information We Collect, Use, Disclose or Process and Its Sources

2.1 What is personal information?

Personal information means any information relating to an individual, which enables the identification of such individual, whether directly or indirectly,

2.2 Personal information we collect, use, disclose or process

AEONTS collects several types of personal information, including:

– Identity data (for example, name, surname, identification card number, passport number, birthdate, and in some cases, AEONTS may process sensitive data such as finger vein biometric data only with your explicit consent or when permitted by law)
– Contact data (for example, address, telephone number, email)
– Financial data (for example, bank account, credit bureau, bankruptcy, anti-money laundering information)
– Data about your background verification
– Identity and contact data of your contact person indicated by you
– Any other information contained in your company profile, website, annual report and social media platforms
– Information obtained through video recordings during your work performance such as videos caught on CCTV

2.3 Sources of information

AEONTS may collect your personal information from various sources as follows:

(1) Collect information directly from you, for example:
– Vendor checklist and verification, registration procedures, contract signing, form filling, registrations or submissions of claims or requests for exercising your rights
– Your communication via our contact channels, for example, telephone, email, etc.
– Security procedure such as ID Card deposit when entering our premises

(2) Collect information from other sources, for example:
– Our vendors, dealers, service providers or business partners of which you hold a position as authorized directors, representatives, or employees
– Government authorities and supervising authorities such as Royal Thai Police, Anti-money Laundering Office, or other publicly available sources such as company website, information made available on the internet or social media platforms

3. Purposes of Collection, Use, Disclosure or Processing of Personal Information

AEONTS collects, uses, discloses or processes your personal information as a registrant to be vendor, vendor, dealer, service provider or business partner, or an authorized director, representative or employee acting on behalf of the individual or the aforementioned legal entity for various purposes depending on relationship between you and AEONTS as follows:

Processing purposes Lawful basis
To consider applications for using our products or services
  • Performance of a contract or taking steps at your request before entering into a contract
  • Legitimate interest
  • Consent for sensitive data (if any)
To enter into an agreement with you or your personnel
  • Performance of a contract
  • Legitimate interest
  • Consent for sensitive data (if any)
To perform contractual obligations between AEONTS and you or your personnel as AEONTS’s vendors, dealers, service providers or business partners, including issuing purchase order, purchase requisition or invoice, maintaining records of AEONTS’s vendors, dealers, service providers or business partners, managing relationship (e.g. granting access to AEONTS’s database or AEONTS’s premises), and monitoring and evaluating performance of AEONTS’s vendors, dealers, service providers or business partners
  • Performance of a contract
  • Legitimate interest
To prevent, detect and investigate fraud, unlawful activity, omission or misconduct, money laundering, financing of terrorism and other illegal actions
  • Legitimate interest
  • Compliance with a law
To manage risks and undertake internal audit and administration
  • Legitimate interest
To legally assign any rights, duties and benefits under relevant agreement between you or your personnel and AEONTS
  • Performance of a contract
  • Legitimate interest
To comply with legal obligations and law enforcement requests, and to report information to government authorities as required by laws (e.g. anti-money laundering law, tax law, etc.) or upon receiving an order or a writ of attachment from police officers, government authorities or courts.
  • Compliance with law
To establish, comply or exercise the rights to legal claims or defend against the rights to legal claims
  • Legitimate interest
  • Consent for sensitive data (if any)
To monitor security in and around our head office, regional offices, branches or premises including ID card deposit before accessing such areas, and using CCTV to collect videos of those who contact us at our premises
  • Legitimate interest
To facilitate, deal with and/or administer external audit(s) or internal audit(s) for any operations of AEONTS
  • Legitimate interest
To store, back up (whether for disaster or otherwise) of your and your personnel’s personal information
  • Performance of a contract
  • Legitimate interest
  • Consent for sensitive data (if any)

4. Data Retention Period

AEONTS retains your personal information for as long as is considered necessary for the purpose for which it was collected, used, disclosed or processed as set out in this Privacy Policy Statement. The criteria used to determine our retention periods include: we retain the personal information for the duration we have an ongoing relationship with you; or we may retain the personal information for a longer period as necessary to comply with applicable laws, or to be in accordance with legal prescription, or to establish, comply with or exercise the rights to legal claims or defend against the rights to legal claims, or to be complied with, for any other cause, our internal policies and regulations.

5. Data Disclosure

AEONTS may disclose your personal information in certain circumstances, for the purposes set out in this Privacy Policy Statement, to:

5.1 Government authorities, supervising authorities or other authorities as stipulated by laws, including competent official, e.g. courts, police officers, Revenue Department.

5.2 Agencies, contractors/sub-contractors and/or service providers for their implementation and procedure, such as auditors, lawyers, legal advisers, and consultants.

5.3 Assignees of AEONTS’ rights, duties and benefits, including their attorneys, for example in case of transfer of rights and/or obligations under the relevant agreement, corporate restructuring, merger, acquisition, sale of assets, etc.

5.4 Our customers or other third parties as per contractual requirements or legal requirements, as the case may be.

6. Data Subject Rights

6.1 Your rights under the PDPA

According to the PDPA, you have certain rights relating to your personal information as follows:

(1) Right to Withdraw Consent

You have the right to withdraw consent given to us for collecting, using or disclosing your personal information at any time, unless there is a restriction of the withdrawal of consent by law or the contract which gives benefits to you.

However, the withdrawal of consent shall not affect the collection, use or disclosure of personal information you have already given consent legally. In addition, where you withdraw consent, you may experience less convenience in rendering services, performing tasks or pursuing contractual or business relationship with AEONTS, or may not be able to maintain your status as our vendors, dealers, services providers and business partners.

(2) Right to Access

You have the right to request access to and obtain a copy of your personal information, which is under our responsibility, or to request the disclosure of the acquisition of the personal information obtained without your consent. At our discretion, we may require you to prove your identity before providing the requested information. If you require multiple copies of your personal information, we may charge a reasonable processing fee.

(3) Right to Object

You have the right to object to the collection, use, disclosure or otherwise processing of your personal information on grounds stipulated by law. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process your personal information for the establishment, exercise or defense of a legal claim.

(4) Right to Erasure

You have the right to request AEONTS to erase, destroy or make your personal information become unidentifiable data, under certain circumstances unless we are required to retain your personal information in order to comply with a legal obligation or to establish, exercise or defend legal claims.

(5) Right to Rectification

AEONTS will ensure that your personal information remains accurate, up-to-date, complete, and not misleading. However, if you consider that your personal information is inaccurate or changed, you have the right to request AEONTS to rectify your personal information to be accurate, up-to-date, complete, and not misleading.

6.2 How to exercise your rights

You may exercise the data subject rights listed above via the following channels:
– Privacy setting page (via this website or mobile application)
– Notification setting page (via this website or mobile application)
– Call Center at 02-665-0123 for (1)Right to Withdraw Consent and (5)Right to Rectification
– Other channels as specified in Clause 8 below for your right in Clause 6.1 (2)-(4)
Nonetheless, if we reject your request, we will inform you of the reasons.

6.3 Processing time

AEONTS will process your request within 30 days upon receipt of your valid request together with complete supporting documents. Until then, your personal information will still be unchanged in our database and may still be processed or you may be contacted by us, our partners or those who have retained your personal information as of the date of your request.

7. Data Protection Security Measures

7.1 Implementation of Security Measures

AEONTS implements appropriate security measures for preventing unauthorized or unlawful loss, access to, use, alteration, correction or disclosure of personal information.

7.2 Disclosure of Personal Information to Data Processor

AEONTS properly supervises third parties to which AEONTS has appointed to process personal information pursuant to our orders or on our behalf.

8. Contact information

If you have any questions or inquiries about the protection of your personal information, collection, use or disclosure of your personal information, or exercise of your rights, or have any claims, please contact us at:

AEON Thana Sinsap (Thailand) Public Company Limited and Data Protection Officer (Mr. Takashi Hisae)

Address: 388 Exchange Tower, 27th Floor, Sukhumvit Road, Kwaeng Klongtoey, Khet Klongtoey, Bangkok 10110
Tel: DPO Office 02-302-4656
E-mail: [email protected]

You also have the right to file a complaint with the relevant Personal Data Protection Committee if AEONTS violates or do not comply with the PDPA or other regulations or notifications issued in accordance with the PDPA.

9. Third Party Links

This Privacy Policy Statement applies to the use of website, mobile application and LINE account of AEONTS only. When you link to third party websites via AEONTS Website, the personal information protection shall be in accordance with the privacy policy statement of such third party websites which are not related to AEONTS.

10. Update to this Privacy Policy Statement

AEONTS regularly reviews and, if appropriate, updates this Privacy Policy Statement from time to time to ensure that your personal information is properly protected. In case of any update to this Privacy Policy Statement, AEONTS will inform you through Privacy Policy Statement on this website, notification on your device or other appropriate methods. Please refer to this page for the updated Privacy Policy Statement.

[Last updated on 1 February 2022]

Privacy Policy Statement (For external AEON business)

AEON Thana Sinsap (Thailand) Public Company Limited

1. Introduction

1.1 AEON Thana Sinsap (Thailand) Public Company Limited (“AEONTS” or “we”) has established and discloses this privacy policy statement (the “Privacy Policy Statement”) as our approach to explain how we, as the data controller, collect, use, disclose or otherwise process personal information of our existing and future shareholders and/or their proxies or representatives, other investors and analysts, or other persons who attend the shareholders’ meetings held by AEONTS and how we protect personal information and properly handle such information once the provisions under the Personal Data Protection Act B.E. 2562 (2019) (the “PDPA”) with respect to the processing of personal information become effective.

1.2 AEONTS recognizes the importance of protecting personal information, and complies with the PDPA and other relevant laws and regulations as well as internal regulations of AEONTS including this Privacy Policy Statement, and AEONTS strives to properly protect and handle personal information.

1.3 AEONTS collects personal information through appropriate and lawful means, and only to the extent necessary to achieve the purpose of utilization. Such collection, use, disclosure or otherwise processing of personal data will be in accordance with the provisions of relevant laws only.

1.4 AEONTS specifies the purpose of collection, use, disclosure or otherwise processing of personal information, and collects such information to the extent necessary in relation to the purpose. In cases where the purpose of collection, use, disclosure or otherwise processing of specific personal information is limited by relevant laws and regulations, AEONTS does not use such personal information beyond such limitations of the purpose. You may find details of purpose of collection, use, disclosure or otherwise processing of personal information in this Privacy Policy Statement.

1.5 AEONTS does not disclose personal information to any third party, except where the person concerned has granted prior consent in that regard, or where disclosure of personal information is based on laws.

1.6 AEONTS takes appropriate security measures for preventing unauthorized or unlawful loss, access to, use, alteration, correction or disclosure, of personal information. When appointing any third party to process personal information on behalf of AEONTS, AEONTS appropriately oversees such third party.

1.7 AEONTS reviews the content of this Privacy Policy Statement as necessary, and strives to bring about continuous improvement such as to our systems and approaches for protecting personal information.

1.8 AEONTS trains and educates our officers and employees regarding the importance of protecting personal information to ensure that they handle the personal information in an appropriate manner.

1.9 AEONTS responds in an appropriate and swift manner to requests for exercising data subject rights, any opinions or requests concerning its collection, use, disclosure or otherwise processing of personal information. Please see relevant details shown in this Privacy Policy Statement or please contact AEONTS at contact details shown below.

2. Personal Information We Collect, Use, Disclose or Process and Its Sources

2.1 What is personal information?

Personal information means any information relating to an individual, which enables the identification of such individual, whether directly or indirectly,

2.2 Personal information we collect, use, disclose or process

AEONTS collects several types of personal information, including:

– Identity data (for example, name, surname, identification card number, passport number, birthdate, gender, nationality, online identity (e.g. IP address, cookie, device ID)
– Contact data (for example, address, telephone number, email)
– Electronic traffic data (log file) where the meeting is held by electronic means
– Communication data (for example, images, video or voice recordings when attending meetings held by AEONTS)
– Other information (for example, numbers of shares and voting rights, information on proxy form or power of attorney)

2.3 Sources of information

AEONTS may collect your personal information from various sources as follows:

(1) Collect information directly from you, for example:
– Procedures for entering into contract, contract signing, form filling, questionnaires, registrations or submission of claims or requests
– Your communication with us via our contact channels, e.g. telephone, email, etc.
– Automatic system, e.g. when you use our website or application, etc.

(2) Collect information from other sources, for example:
– Thailand Securities Depository Company Limited (TSD)
– Your broker, agent, other investors and analysts, the shareholders or companies that you represent.

3. Purposes of Collection, Use, Disclosure or Processing of Personal Information

AEONTS collects, uses, discloses or processes your personal information for various purposes depending on relationship between you and AEONTS as follows:

Processing purposes Lawful basis
To perform contractual obligations between you and AEONTS, to hold shareholders’ meetings, to prepare for and manage the attendance and voting procedures for shareholders’ meeting, to distribute dividends to shareholders, to manage shareholders’ registration under public limited companies law and securities and exchange law, to comply with our internal procedures, to receive and deliver documents between you and AEONTS, including to provide you with shareholder communications such as notices of meetings and relevant enclosures, and to process any proxy forms
  • Performance of a contract or taking steps at your request before entering into a contract
  • Compliance with law
To record video or voice when attending the shareholders’ meeting
  • Compliance with law (where the meeting is held by electronic means)
  • Legitimate interest (where the physical meeting is held)
To comply with legal obligations and law enforcement requests, and to report information to government authorities as required by laws
  • Compliance with law
To manage risks and undertake internal audit and internal administration
  • Legitimate interest

4. Data Retention Period

AEONTS retains your personal information for as long as is considered necessary for the purpose for which it was collected, used, disclosed or processed as set out in this Privacy Policy Statement. The criteria used to determine our retention periods include: we retain the personal information for the duration we have an ongoing relationship with you; or we may retain the personal information for a longer period as necessary to comply with applicable laws, or to be in accordance with legal prescription, or to establish, comply with or exercise the rights to legal claims or defend against the rights to legal claims, or to be complied with, for any other cause, our internal policies and regulations.

5. Data Disclosure

AEONTS may disclose your personal information in certain circumstances, for the purposes set out in this Privacy Policy Statement, to:

5.1 Government authorities, supervising authorities or other authorities as stipulated by laws, including competent official.

5.2 Agencies, contractors/sub-contractors and/or service providers for their implementation and procedure, such as
– Carriers, document storage and destruction service providers, printing house, IT development companies
– Auditors, lawyers, legal advisers, and consultants.

6. Data Subject Rights

6.1 Your rights under the PDPA

According to the PDPA, you have certain rights relating to your personal information as follows:

(1) Right to Withdraw Consent

You have the right to withdraw consent given to us for collecting, using or disclosing your personal information at any time, unless there is a restriction of the withdrawal of consent by law or the contract which gives benefits to you.

However, the withdrawal of consent shall not affect the collection, use or disclosure of personal information you have already given consent legally.

(2) Right to Access

You have the right to request access to and obtain a copy of your personal information, which is under our responsibility, or to request the disclosure of the acquisition of the personal information obtained without your consent. At our discretion, we may require you to prove your identity before providing the requested information. If you require multiple copies of your personal information, we may charge a reasonable processing fee.

(3) Right to Data Portability

Where AEONTS arranges your personal information to be in the format which is readable or commonly used by ways of automatic tools or equipment, and can be used or disclosed by automated means, you have the right to receive your personal information and are also entitled to:
(a) request us to send or transfer your personal information in such formats to other data controllers if it can be done by the automatic means;
(b) request to directly obtain your personal information in such formats that we send or transfer to other data controllers, unless it is impossible to do so because of the technical circumstances.

(4) Right to Object

You have the right to object to the collection, use, disclosure or otherwise processing of your personal information for direct marketing purposes or on grounds stipulated by law. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process your personal information for the establishment, exercise or defense of a legal claim.

(5) Right to Erasure

You have the right to request AEONTS to erase, destroy or make your personal information become unidentifiable data, under certain circumstances unless we are required to retain your personal information in order to comply with a legal obligation or to establish, exercise or defend legal claims.

(6) Right to Restriction of Processing

You have the right to request AEONTS to restrict the use of your personal information under certain circumstances where you believe such personal information to be inaccurate, our processing is unlawful; or we no longer need to process such personal information for a particular purpose, but where we are not able to delete the data due to a legal or other obligation or because you do not want us to delete it.

(7) Right to Rectification

AEONTS will ensure that your personal information remains accurate, up-to-date, complete, and not misleading. However, if you consider that your personal information is inaccurate or changed, you have the right to request AEONTS to rectify your personal information to be accurate, up-to-date, complete, and not misleading.

6.2 How to exercise your rights

You may exercise the data subject rights listed above via the following channels:
– Privacy setting page (via this website or mobile application)
– Notification setting page (via this website or mobile application)
– Call Center at 02-665-0123 for (1) Right to Withdraw Consent and (7) Right to Rectification
– Other channels as specified in Clause 8 below.

Nonetheless, if we reject your request, we will inform you of the reasons.

6.3 Processing time

AEONTS will process your request within 30 days upon receipt of your valid request together with complete supporting documents. Until then, your personal information will still be unchanged in our database and may still be processed or you may be contacted by us, our partners or those who have retained your personal information as of the date of your request.

7. Data Protection Security Measures

7.1 Implementation of Security Measures

AEONTS implements appropriate security measures for preventing unauthorized or unlawful loss, access to, use, alteration, correction or disclosure of personal information.

7.2 Disclosure of Personal Information to Data Processor

AEONTS properly supervises third parties to which AEONTS has appointed to process personal information pursuant to our orders or on our behalf.

8. Contact information

If you have any questions or inquiries about the protection of your personal information, collection, use or disclosure of your personal information, or exercise of your rights, or have any claims, please contact us at:

AEON Thana Sinsap (Thailand) Public Company Limited and Data Protection Officer (Mr. Takashi Hisae)

Address: 388 Exchange Tower, 27th Floor, Sukhumvit Road, Kwaeng Klongtoey, Khet Klongtoey, Bangkok 10110
Tel: DPO Office 02-302-4656
E-mail: [email protected]

You also have the right to file a complaint with the relevant Personal Data Protection Committee if AEONTS violates or do not comply with the PDPA or other regulations or notifications issued in accordance with the PDPA.

9. Third Party Links

This Privacy Policy Statement applies to the use of website, mobile application and LINE account of AEONTS only. When you link to third party websites via AEONTS Website, the personal information protection shall be in accordance with the privacy policy statement of such third party websites which are not related to AEONTS.

10. Update to this Privacy Policy Statement

AEONTS regularly reviews and, if appropriate, updates this Privacy Policy Statement from time to time to ensure that your personal information is properly protected. In case of any update to this Privacy Policy Statement, AEONTS will inform you through Privacy Policy Statement on this website, notification on your device or other appropriate methods. Please refer to this page for the updated Privacy Policy Statement.

[Last updated on 1 February 2022]

Privacy Policy Statement (For Customer)

AEON Thana Sinsap (Thailand) Public Company Limited

1. Introduction

1.1 AEON Thana Sinsap (Thailand) Public Company Limited (“AEONTS” or “we”) including employees, directors, representatives, authorize persons or working on behalf of the persons above. has established and discloses this privacy policy statement (the “Privacy Policy Statement”) as our approach to explain how we, as the data controller, collect, use, disclose or otherwise process personal information of our existing customers and prospect customers and how we protect personal information and properly handle such information once the provisions under the Personal Data Protection Act B.E. 2562 (2019) (the “PDPA”) with respect to the processing of personal information become effective.

1.2 AEONTS recognizes the importance of protecting personal information, and complies with the PDPA and other relevant laws and regulations as well as internal regulations of AEONTS including this Privacy Policy Statement, and AEONTS strives to properly protect and handle personal information.

1.3 AEONTS collects personal information through appropriate and lawful means, and only to the extent necessary to achieve the purpose of utilization. Such collection, use, disclosure or otherwise processing of personal data will be in accordance with the provisions of relevant laws only.

1.4 AEONTS specifies the purpose of collection, use, disclosure or otherwise processing of personal information, and collects such information to the extent necessary in relation to the purpose. In cases where the purpose of collection, use, disclosure or otherwise processing of specific personal information is limited by relevant laws and regulations, AEONTS does not use such personal information beyond such limitations of the purpose. You may find details of purpose of collection, use, disclosure or otherwise processing of personal information in this Privacy Policy Statement.

1.5 AEONTS does not disclose personal information to any third party, except where the person concerned has granted prior consent in that regard, or where disclosure of personal information is based on laws.

1.6 AEONTS takes appropriate security measures for preventing unauthorized or unlawful loss, access to, use, alteration, correction or disclosure, of personal information. When appointing any third party to process personal information on behalf of AEONTS, AEONTS appropriately oversees such third party.

1.7 AEONTS reviews the content of this Privacy Policy Statement as necessary, and strives to bring about continuous improvement such as to our systems and approaches for protecting personal information.

1.8 AEONTS trains and educates our officers and employees regarding the importance of protecting personal information to ensure that they handle customers’ personal information in an appropriate manner.

1.9 AEONTS responds in an appropriate and swift manner to requests for exercising data subject rights, any opinions or requests concerning its collection, use, disclosure or otherwise processing of personal information. Please see relevant details shown in this Privacy Policy Statement or please contact AEONTS at contact details shown below.

2. Personal Information We Collect, Use, Disclose or Process and Its Sources

2.1 What is personal information?

Personal information means any information relating to an individual, which enables the identification of such individual, whether directly or indirectly,

2.2 Personal information we collect, use, disclose or process

AEONTS collects several types of personal information, including:

– Identity data (for example, name, surname, identification card number, passport number, birthdate, gender, age, employee status and employee code (in case of group insurance product or service), nationality, marital status, and in some cases AEONTS may process sensitive data such as biometric data for face recognition only with your explicit consent or when permitted by law)
– Online identity/Electronic Identifier (for example, IP address, cookie or Software Development Kit (SDK) or similar technologies, device ID)
– Contact data (for example, address, telephone number, email)
– Transaction data (for example, credit card number, member card number, income information, financial statement, data of transaction via AEONTS products or services, credit history, debt payment history, asset information)
– Communication data (for example, images, video or voice recordings when communicating with us)
– Your insurance and insurance policy information (for example, insurance policy number and details, claims information, including other products or services in relation to your insurance)
– Your marketing preferences information and coverage plans which you are interested in
– Insured asset information related to AEONTS products or services (for example, type of assets, value, asset’s owner, asset’s location, vehicle license plate number)
– Sensitive personal data only to the extent necessary for our products or services (for example, religions and blood type information as shown on identification card, your health information, your treatment information and any other sensitive personal data shown in claims records) only with your explicit consent or when permitted by law

2.3 Sources of information

AEONTS may collect your personal information from various sources as follows:

(1) Collect information directly from you, for example:
– Procedures for applications for using our services, contract signing, form filling, questionnaires, registrations or submission of claims or requests
– Your communication with us via our contact channels, e.g. telephone, e-mail, etc.
– Automatic system, e.g. when you use our website or application, etc.

(2) Collect information from other sources, for example:
– Our customers, agents or service providers
– Our group companies or our business partners or Insurance Company.
– Government authorities or other publicly available sources, such as company website, information made available on the internet or social media platforms (e.g. Facebook, Twitter, LinkedIn, etc.), National Credit Bureau Co.,Ltd.,, The Revenue Department , Social Security office (SSO), National Heath Security Office (NSHO) , etc.

3. Purposes of Collection, Use, Disclosure or Processing of Personal Information

AEONTS collects, uses, discloses or processes your personal information for various purposes depending on relationship between you and AEONTS as follows:

Processing purposes Lawful basis
1. To consider applications for using our products or services Including customer data verification for credit approval process (e.g credit card and loan approval process)
  • Performance of a contract or taking steps at your request before entering into a contract
  • Legitimate interest
2. To conduct Know Your Customer (KYC) authentication for verifying customer identity and To conduct electronics Know Your Customer (e-KYC) authentication for verifying customer identity.
  • Consent
  • Compliance with a law
3. To suggest products and services, and offer appropriate insurance plans.
  • Performance of a contract or taking steps at your request before entering into a contract
  • Legitimate interest
  • Consent
4. To use our products or services and comply with our internal procedures (e.g. delivery of documents between you and AEONTS).
  • Performance of a contract
  • Legitimate interest
5. To enter into an agreement between AEONTS and you or corporate customers of AEONTS as an insurance broker.
  • Performance of a contract or taking steps at your request before entering into a contract
  • Legitimate interest
  • Consent
6. To provide services or undertake any operation relevant to the insurance policy(ies) that you have with the insurance company(ies) through AEONTS assistance and suggestion (for example, assisting in handling claims according to policy terms and policy renewal, including analysis of information related to the policy and claim records for assisting in negotiating insurance premium with the insurance company(ies) as per your request)
  • Performance of a contract
  • Legitimate interest
  • Consent
7. To undertake AEONTS’s internal procedures, administration management, risk management, internal audit, receive or deliver documents between you and AEONTS, including storage and back up data and/or documents regarding your insurance policy or the insured’s for AEONTS’s internal administration (for example, insurance policy information, claim information, supporting documents for claim consideration, claim record analytical information) and to undertake AEONTS internal procedures, risk management, internal audit and administration, receive or deliver documents between you and AEONTS, including storage and back up data and/or documents regarding your insurance policy or the insured’s for AEONTS internal administration (for example, insurance policy information, claim information, supporting documents for claim consideration, claim record analytical information)
  • Performance of a contract
  • Legitimate interest Consent
8. To evaluate, improve and develop our products, services and sales promotion.
  • Legitimate interest
  • Consent
9. To comply with legal obligations and law enforcement requests, and to report information to government authorities as required by laws (e.g. Bank of Thailand, Revenue Department, the Office of Insurance Commission) or upon receiving an order or a writ of attachment from police officers, government authorities or courts.
  • Compliance with a law
10. To establish, comply or exercise the rights to legal claims or defend against the rights to legal claims.
  • Legitimate interest
  • For establishment of right to claim under section 26(4) of Personal Data Protection Act (PDPA in case of processing sensitive data.
11. To conduct business planning, reporting, and forecasting
  • Legitimate interest
12. To prevent and detect fraud, money laundering, financing of terrorism and other illegal actions
  • Performance of a contract
  • Compliance with a law
  • Legitimate interest
13. To trace and collect debts
  • Performance of a contract
  • Legitimate interest
14. To legally assign any rights, duties and benefits under contract between you and AEONTS, including transfer or selling of debts or transfer due to securitization
  • Performance of a contract
  • Legitimate interest
15. To support inspection, investigation or other legal proceedings
  • Compliance with a law
  • Legitimate interest
16. To monitor security in and around our head office, regional offices, branches or premises, including ID card deposits when entering our premises and using CCTV to collect videos of those who contact in person
  • Legitimate interest
17. To manage risks and undertake internal audit and administration
  • Legitimate interest
18. To manage our relationship with you, for example to manage claims, to offer benefits without marketing purposes and To manage our relationship with our clients (for example, to manage complaints which includes the complaints against our representatives or any persons acting on behalf of AEONTS) To offer benefits without marketing process.
  • Legitimate interest
  • Consent
19. To analyze, research and develop our products and services to meet your requirements
  • Legitimate interest
  • Consent
20. To analyze your spending or service using history and your preferences to enhance benefits and offering our products or services available currently and in the future
  • Legitimate interest
  • Consent
21. To inform you of benefits and sales promotion for marketing purposes, to send activity invitations, to inform product or service information, including other notifications without marketing purpose
  • Consent
  • Legitimate interest
22. To verify customer’s identity for access to AEONTS lounge
  • Consent
23. To disclose to our agencies, contractors/sub-contractors and/or service providers for their implementation and procedure
  • Performance of a contract or taking steps at your request before entering into a contract
  • Legitimate interest
  • Consent
24. To disclose to our co-branded partners and business partners in order to enhance benefits and offering of existing and developing products or services of AEONTS and our co-branded partners and business partners, and to inform benefits and sales promotion
  • Consent
25. To disclose to our group companies and business partners for marketing purposes, including offering products, services, benefits and other special offers
  • Consent

4. Data Retention Period

AEONTS retains your personal information for as long as is considered necessary for the purpose for which it was collected, used, disclosed or processed as set out in this Privacy Policy Statement. The criteria used to determine our retention periods include: (i) we retain the personal information for the duration we have an ongoing relationship with you and provide the service to you; or we may retain the personal information for a longer period as necessary to comply with applicable laws, or to be in accordance with legal prescription, or to establish, comply with or exercise the rights to legal claims or defend against the rights to legal claims, or to be complied with, for any other cause, our internal policies and regulations.

5. Data Disclosure

AEONTS may disclose your personal information in certain circumstances, for the purposes set out in this Privacy Policy Statement, to:

5.1 Our subsidiaries, affiliates and any related companies for business purposes, internal management, offering for sale of products or services which you may be interested in, including undertaking any other activity as set out in this Privacy Policy Statement

5.2 Government authorities, supervising authorities or other authorities as stipulated by laws, including competent official, e.g. courts, police officers, Securities and Exchange Commission, Bank of Thailand, Anti-Money Laundering Office, Revenue Department.

5.3 Agencies, contractors/sub-contractors and/or service providers for their implementation and procedure, such as
– Carriers, providers of card issuing or destruction, document storage and destruction service providers, printing house, marketing agency, research companies, IT development companies
– Debt collection service provider (in the case where AEONTS assigns such debt collection service provider for trace and collection procedure and/or legal execution)
– National Credit Bureau Company Limited
– Auditors, lawyers, legal advisers, and consultants
– Data analysis and/or data comparison service provider

5.4 Assignees of AEONTS’ rights, duties and benefits, including their attorneys, for example in case of corporate restructuring, merger, acquisition, sale of assets, debt transferring or selling, securitization, etc.

5.5 Co-branded partners and business partners of AEONTS or other third parties as per your consent or contractual requirements or legal requirements, as the case may be

5.6 Insurance Company.

5.7 Road Accident Victims Protection Company Limited for registering the compulsory insurance policy

6. International Transfer of Personal Information

It is necessary for AEONTS to send or transfer your personal information internationally in order to develop and support our technology services and/or to provide any related services. We will have your personal information sent or transferred internationally by the most secure method in order to maintain and protect the security of your personal information. In addition, we will make our best efforts to ensure that the recipients of the personal information who are located abroad have adequate personal data protection standards as necessary and appropriate in order to comply with the PDPA.

7. Use of Cookies

AEONTS may collect and use cookies and/or similar technologies (e.g. Software Development Kit (SDK)) when you use our products, services, mobile application, website, including conduct financial transactions through Internet Banking.

The collection and use of cookies and/or similar technologies help AEONTS analyze your information, recognize you, remember your preferences and/or behavior when using our products, services, mobile application, website, including when conducting financial transactions through Internet Banking so that we can enhance and develop our ability to provide our products and services that are suitable to your needs.

In addition, AEONTS may use cookies and/or similar technologies for a variety of purposes, e.g. to assist you in using basic functions, to better understand you and give you a better online experience, or to communicate with you more effectively.

8. Data Subject Rights

8.1 Your rights under the PDPA

According to the PDPA, you have certain rights relating to your personal information as follows:

(1) Right to Withdraw Consent

You have the right to withdraw consent given to us for collecting, using or disclosing your personal information at any time, unless there is a restriction of the withdrawal of consent by law or the contract which gives benefits to you.

However, the withdrawal of consent shall not affect the collection, use or disclosure of personal information you have already given consent legally. In addition, where you withdraw consent, you may experience less convenience in using our products or services, or may not receive our benefits or special offers.

(2) Right to Access

You have the right to request access to and obtain a copy of your personal information, which is under our responsibility, or to request the disclosure of the acquisition of the personal information obtained without your consent. At our discretion, we may require you to prove your identity before providing the requested information. If you require multiple copies of your personal information, we may charge a reasonable processing fee.

(3) Right to Data Portability

Where AEONTS arranges your personal information to be in the format which is readable or commonly used by ways of automatic tools or equipment, and can be used or disclosed by automated means, you have the right to receive your personal information and are also entitled to:

(a) request us to send or transfer your personal information in such formats to other data controllers if it can be done by the automatic means;

(b) request to directly obtain your personal information in such formats that we send or transfer to other data controllers, unless it is impossible to do so because of the technical circumstances.

(4) Right to Object

You have the right to object to the collection, use, disclosure or otherwise processing of your personal information for direct marketing purposes or on grounds stipulated by law. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process your personal information for the establishment, exercise or defense of a legal claim.

(5) Right to Erasure

You have the right to request AEONTS to erase, destroy or make your personal information become unidentifiable data, under certain circumstances unless we are required to retain your personal information in order to comply with a legal obligation or to establish, exercise or defend legal claims.

(6) Right to Restriction of Processing

You have the right to request AEONTS to restrict the use of your personal information under certain circumstances where you believe such personal information to be inaccurate, our processing is unlawful; or we no longer need to process such personal information for a particular purpose, but where we are not able to delete the data due to a legal or other obligation or because you do not want us to delete it.

(7) Right to Rectification

AEONTS will ensure that your personal information remains accurate, up-to-date, complete, and not misleading. However, if you consider that your personal information is inaccurate or changed, you have the right to request AEONTS to rectify your personal information to be accurate, up-to-date, complete, and not misleading.

8.2 How to exercise your rights

You may exercise the data subject rights listed above via the following channels:
– Privacy setting page (via this website or mobile application)
– Notification setting page (via this website or mobile application)
– Contact Center at 02-665-0123 for (1)Right to Withdraw Consent and (7)Right to Rectification
– Other channels as specified in Clause 10 below for your right (2)-(6)
Nonetheless, if we reject your request, we will inform you of the reasons.

8.3 Processing time

AEONTS will process your request within 30 days upon receipt of your valid request together with complete supporting documents. Until then, your personal information will still be unchanged in our database and may still be processed or you may be contacted by us, our partners or those who have retained your personal information as of the date of your request.

9. Data Protection Security Measures

9.1 Implementation of Security Measures

AEONTS implements appropriate security measures for preventing unauthorized or unlawful loss, access to, use, alteration, correction or disclosure of personal information.

9.2 Disclosure of Personal Information to Data Processor

AEONTS properly supervises third parties to which AEONTS has appointed to process personal information pursuant to our orders or on our behalf.

10. Contact information

If you have any questions or inquiries about the protection of your personal information, collection, use or disclosure of your personal information, or exercise of your rights, or have any claims, please contact us at:

AEON Thana Sinsap (Thailand) Public Company Limited and Data Protection Officer (Mr. Takashi Hisae)

Address: 388 Exchange Tower, 27th Floor, Sukhumvit Road, Kwaeng Klongtoey, Khet Klongtoey, Bangkok 10110
Tel: DPO Office 02-302-4656
E-mail: [email protected]

You also have the right to file a complaint with the relevant Personal Data Protection Committee if AEONTS violates or do not comply with the PDPA or other regulations or notifications issued in accordance with the PDPA.

11. Third Party Links

This Privacy Policy Statement applies to the sales of products or provision of services and use of website, mobile application and LINE account of AEONTS only. When you link to third party websites via AEONTS Website, the personal information protection shall be in accordance with the privacy policy statement of such third party websites which are not related to AEONTS.

12. Update to this Privacy Policy Statement

AEONTS regularly reviews and, if appropriate, updates this Privacy Policy Statement from time to time to ensure that your personal information is properly protected. In case of any update to this Privacy Policy Statement, AEONTS will inform you through Privacy Policy Statement on this website, notification on your device or other appropriate methods. Please refer to this page for the updated Privacy Policy Statement.

[Last updated on 12 September 2023]

 

Anti-Money Laundering and Combating the Financing of Terrorism and Proliferation of Weapons of Mass Destruction: AML/CFT/WMD

        AEONTS and subsidiaries are committed to combating money-laundering and financing of terrorism and the proliferation of weapons of mass destruction to be complied with the applicable laws and regulation of legal entity and also to be complied with AFS Group’s AML/CFT policy.

We are taking into the account its social responsibility as a financial institution, company and corporate group, considers the prevention of money laundering and terrorist financing to be one of its most important management issues.

In order to prevent of money laundering and terrorist financing, the company wholly or majority-owned or controlled legal entities as a source of money laundering and supporting financial to terrorist and proliferation of weapon of mass destruction implements the AML/CFT/WMD policy as followings:

  1. The Company supports and strictly complied with the applicable Anti-Money Laundering, Combating the Financing of Terrorism and the Proliferation of Weapons of Mass Destruction’s law and regulations which includes but not limit to the customer acceptance, customer due diligence, risk assessment and risk mitigation, transaction monitoring and reporting and record keeping.
  2. The Company shall appoint senior management to oversight AML/CFT/WMD laws and regulations and considers the prevention of money laundering and terrorist financing to be one of its most important management issues and the management shall establish organizational control of money laundering risk.
  3. The Company will prescribe the control measure relates to Anti-Money Laundering, Combating the Financing of Terrorism and the Proliferation of Weapons of Mass Destruction which covers the following topics: customer acceptance, customer identification, customer due diligence, risk assessment and management, transaction record and report, customer rejection or customers’ relationship discontinuation in case customer has their risks concerning Anti-Money Laundering, Combating the Financing of Terrorism and the Proliferation of Weapons of Mass Destruction. Such subordinate policies and guidelines shall be regularly reviewed and kept the information are up-to-date.
  4. The Company shall perform the internal AML/CTPF risk assessment and management in order to determine, evaluate and mitigate AML/CTPF risks as annually basis. The assessment covers all customers, products/services and channel and also perform the assessment prior to introduction of new products or services or implementation of new technology or electronics network as required by the applicable laws and regulations.
  5. The company shall report the cash transaction report as required by law and regulations includes the suspicious transaction with accurate and complete information as well as within the specified timeframe to the law enforcement authority.
  6. The company shall prescribe the independent internal control which suitable for the organization and complied with regulatory requirement.
  7. The company shall prescribe the information’s sharing procedure among intra-group the groups of company and mutual cooperation.
  8. The company requires that all information and evidence of identity verification, as well as Customer Due Diligence and transactions shall be kept entirely within the period specified by law.
  9. All officers and employees of the Company shall not engage in money laundering or terrorist financing, nor shall they provide any assistance, including involvement, support or inaction, to those who engage in such activities. Also, do not tipping-off.
  10. The company shall arrange and provide the AML/CFT/WMD training to all staffs in accordance with the applicable laws and regulations. Also responsible for the enhancement of the staff’s knowledge to meet the regulatory requirement and efficiency of AML/CFT related duties.
  11. The Company will arrange the independent audit program on AML/CFT/WMD regarding to the compliance with the internal policies and regulations.
  12. The Company shall prescribe the internal policy and procedures for sharing information required for the purposes of AML/CFT/WMD risk management applicable to all branches and majority-owned subsidiaries both local and oversea jurisdiction. Adequate safeguards on the confidentiality and use of information exchanged should be in place. In the case of their foreign operations, where the minimum AML/CFT requirements of the host country are less strict than those of the home country, the company shall be required to ensure that the branches and majority-owned subsidiaries in host countries implement the requirements of the home country, to the extent that host country laws and regulations permit. If the host country does not permit the proper implementation of the measures above, the company should apply appropriate additional measures to manage the money laundering and terrorist financing risks, and inform their home supervisors.
  13. The company shall prescribe the internal policy and design the program to supervise a third party’s activities in accordance with the applicable AML/CFT laws and regulations.

Privacy Policy Statement (For Employee)

AEON Thana Sinsap (Thailand) Public Company Limited

1. Introduction

1.1 AEON Thana Sinsap (Thailand) Public Company Limited (“AEONTS” or “we”) has established and discloses this privacy policy statement (the “Privacy Policy Statement”) as our approach to explain how we, as the data controller, collect, use, disclose or otherwise process personal information of our employees (including our outsourced staffs) and ex-employees, including family members, contact persons, reference persons, guarantors, associates and other related persons of our employees and ex-employees, and how we protect personal information and properly handle such information once the provisions under the Personal Data Protection Act B.E. 2562 (2019) (the “PDPA”) with respect to the processing of personal information become effective.

1.2 AEONTS recognizes the importance of protecting personal information, and complies with the PDPA and other relevant laws and regulations as well as internal regulations of AEONTS including this Privacy Policy Statement, and AEONTS strives to properly protect and handle personal information.

1.3 AEONTS collects personal information through appropriate and lawful means, and only to the extent necessary to achieve the purpose of utilization. Such collection, use, disclosure or otherwise processing of personal information will be in accordance with the provisions of relevant laws only.

1.4 AEONTS specifies the purpose of collection, use, disclosure or otherwise processing of personal information, and collects such information to the extent necessary in relation to the purpose. In cases where the purpose of collection, use, disclosure or otherwise processing of specific personal information is limited by relevant laws and regulations, AEONTS does not use such personal information beyond such limitations of the purpose. You may find details of purpose of collection, use, disclosure or otherwise processing of personal information in this Privacy Policy Statement.

1.5 AEONTS does not disclose personal information to any third party, except where the person concerned has granted prior consent in that regard, or where disclosure of personal information is based on laws.

1.6 AEONTS takes appropriate security measures for preventing unauthorized or unlawful loss, access to, use, alteration, correction or disclosure, of personal information. When appointing any third party to process personal information on behalf of AEONTS, AEONTS appropriately oversees such third party.

1.7 AEONTS reviews the content of this Privacy Policy Statement as necessary, and strives to bring about continuous improvement such as to our systems and approaches for protecting personal information.

1.8 AEONTS trains and educates our officers and employees regarding the importance of protecting personal information to ensure that they handle personal information of data subject under this Privacy Policy Statement in an appropriate manner.

1.9 AEONTS responds in an appropriate and swift manner to requests for exercising data subject rights, any opinions or requests concerning its collection, use, disclosure or otherwise processing of personal information. Please see relevant details shown in this Privacy Policy Statement or please contact AEONTS at contact details shown below.

2. Personal Information We Collect, Use, Disclose or Process and Its Sources

2.1 What is personal information?

Personal information means any information relating to an individual, which enables the identification of such individual, whether directly or indirectly,

2.2 Personal information we collect, use, disclose or process

AEONTS collects several types of personal information, including:
– Identity data (for example, name, surname, identification card number, passport number, birth date, gender, nationality).
– Contact data (for example, address, telephone number, email)
– Financial data (for example, bank account, credit bureau, anti-money laundering information)
– Information relevant to your work such as working details, work permit details, work performance evaluation, leave information, information about your use of our information and communication systems Work performance related information (for example, working details, work performance evaluation, test score, and in some cases, AEONTS may process sensitive data such as biometric data health data, religion as shown in your identification card, and criminal record only with your explicit consent or when permitted by law)
– Personal information of your family members to the extent that is necessary for your employment benefits
– Information obtained through video and voice recordings during your work performance such as images caught on CCTV, voice recordings during conversation with customers or other third parties

2.3 Sources of information

AEONTS may collect your personal information from various sources as follows:

(1) Collect information directly from you, for example:
– Our internal process for your employment contract, when you sign employment contract, and employee insurance and benefit claims processes.
– Your communication with us via our contact channels, e.g. telephone, e-mail, etc.
– AEONTS online system, e.g. when you use our website or internal system, etc.

(2) Collect information from other sources, for example:
– Government authorities such as Royal Thai Police, Anti-money Laundering Office, and court.
– Hospital that performs health checkup for new employees.
– From your employer (for outsourced staffs).

3. Purposes of Collection, Use, Disclosure or Processing of Personal Information

AEONTS collects, uses, discloses or processes your personal information for various purposes depending on relationship between you and AEONTS as follows:

Processing purposes Lawful basis
To perform any relevant procedures for our employment contract with you including all agreements related to employment such as Non-disclosure agreement, etc.
  • Performance of a contract
To perform our duties under employment contract and other processes related to the employment contract such as salary payment, employee data records, [hiring disability employees], generating reports for all types of leaves, work performance evaluation, probation evaluation and confirmation, provident fund applications and fund-related information management, parking permit, etc.
  • Performance of a contract
  • Compliance with a law
  • Consent for sensitive data
To comply with our legal or regulatory obligations and law enforcement request, and to report information to government authorities as required by laws, e.g. Revenue Department, Social Security Office, Department of Labour Protection and Welfare, or upon receiving an order or a writ of attachment from police officers, government authorities or courts, etc.
  • Compliance with a law
For you to perform obligations under employment contract as the employee of AEONTS including using your vein scan to ensure the information and system security of AEONTS for your performance under employment contract
  • Performance of a contract
  • Consent for sensitive data
To administer matters relating to your health and insurance such as providing health checkup, health insurance, other insurance and insurance claim, etc.
  • Performance of a contract
  • Consent for sensitive data
To provide trainings for employees as agreed or determined in the employment contract and company policy, regulations, or work rules
  • Performance of a contract
To monitor security in and around our head office, regional offices, branches or premises through CCTV system
  • Legitimate interest
To support your loan and/or credit card application by providing your employment status to a commercial bank
  • Consent
To manage and resolve any complaints regarding performance under employment contract including detection, investigation, or other legal process
  • Legitimate interest
  • Legal obligation
To establish, comply or exercise the rights to legal claims or defend against the rights to legal claims
  • Legitimate interest
  • Legal claim for sensitive data
To maintain your records after your employment with us ended as our future reference for your re-application
  • Consent
To disclose to our customers, vendors or other third parties due to the rights and obligations for work performance under employment contract
  • Performance of a contract
  • Legitimate interest
To disclose to our agencies, service providers or sub-contractors for any operations of AEONTS
  • Performance of a contract
  • Legitimate interest
  • Consent for sensitive data

4. Data Retention Period

AEONTS retains your personal information for as long as is considered necessary for the purpose for which it was collected, used, disclosed or processed as set out in this Privacy Policy Statement. The criteria used to determine our retention periods include: (i) we retain the personal information for the duration we have an ongoing employment relationship with you; or we may retain the personal information for a longer period as necessary to comply with applicable laws, or to be in accordance with legal prescription, or to establish, comply with or exercise the rights to legal claims or defend against the rights to legal claims, or to be complied with, for any other cause, our internal policies and regulations.

5. Data Disclosure

AEONTS may disclose your personal information in certain circumstances, for the purposes set out in this Privacy Policy Statement, to:

5.1 Government authorities, supervising authorities or other authorities as stipulated by laws, including competent official, e.g. courts, police officers, Social Security office, Revenue Department, Immigration Bureau, Ministry of Commerce, Student Loan Fund.

5.2 AEONTS parent company in Japan for internal administrative purposes such as handling employees’ complaint.

5.3 Our customers, vendors or other third parties due to the rights and obligations for work performance under employment contract.

5.4 Agencies, contractors/sub-contractors and/or service providers for their implementation and procedure such as document storage and destruction service providers, printing house, IT development companies, auditor, lawyer, consultants, etc.

5.5 External training institutes.

5.6 Banks or credit card companies expected to have a legal relationship with you.

5.7 Hospital for your annual health checkup.

5.8 Insurance companies.

5.9 Provident fund management company.

6. Data Subject Rights

6.1 Your rights under the PDPA

According to the PDPA, you have certain rights relating to your personal information as follows:

(1) Right to Withdraw Consent

You have the right to withdraw consent given to us for collecting, using or disclosing your personal information at any time, unless there is a restriction of the withdrawal of consent by law or the contract which gives benefits to you.

However, the withdrawal of consent shall not affect the collection, use or disclosure of personal information you have already given consent legally. In addition, where you withdraw consent, you may experience less convenience in working with AEONTS, or may not receive employees’ benefits or special offers.

(2) Right to Access

You have the right to request access to and obtain a copy of your personal information, which is under our responsibility, or to request the disclosure of the acquisition of the personal information obtained without your consent. At our discretion, we may require you to prove your identity before providing the requested information. If you require multiple copies of your personal information, we may charge a reasonable processing fee.

(3) Right to Data Portability

Where AEONTS arranges your personal information to be in the format which is readable or commonly used by ways of automatic tools or equipment, and can be used or disclosed by automated means, you have the right to receive your personal information and are also entitled to:

(a) request us to send or transfer your personal information in such formats to other data controllers if it can be done by the automatic means;

(b) request to directly obtain your personal information in such formats that we send or transfer to other data controllers, unless it is impossible to do so because of the technical circumstances.

(4) Right to Object

You have the right to object to the collection, use, disclosure or otherwise processing of your personal information on grounds stipulated by law. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process your personal information for the establishment, exercise or defense of a legal claim.

(5) Right to Erasure

You have the right to request AEONTS to erase, destroy or make your personal information become unidentifiable data, under certain circumstances unless we are required to retain your personal information in order to comply with a legal obligation or to establish, exercise or defend legal claims.

(6) Right to Restriction of Processing

You have the right to request AEONTS to restrict the use of your personal information under certain circumstances where you believe such personal information to be inaccurate, our processing is unlawful; or we no longer need to process such personal information for a particular purpose, but where we are not able to delete the data due to a legal or other obligation or because you do not want us to delete it.

(7) Right to Rectification

AEONTS will ensure that your personal information remains accurate, up-to-date, complete, and not misleading. However, if you consider that your personal information is inaccurate or changed, you have the right to request AEONTS to rectify your personal information to be accurate, up-to-date, complete, and not misleading.

6.2 How to exercise your rights

You may exercise the data subject rights listed above via the following channels:
­ - SAP SuccessFactors System of the Company (for consent withdrawal)
­ - Channels specified in Clause 8 below.

Nonetheless, if we reject your request, we will inform you of the reasons.

In addition, outsource staffs may withdraw their consent by notifying head of section in charge of your outsourcing contract.

6.3 Processing time

AEONTS will process your request within 30 days upon receipt of your valid request together with complete supporting documents. Until then, your personal information will still be unchanged in our database and may still be processed or you may be contacted by us, our partners or those who have retained your personal information as of the date of your request.

7. Data Protection Security Measures

7.1 Implementation of Security Measures

AEONTS implements appropriate security measures for preventing unauthorized or unlawful loss, access to, use, alteration, correction or disclosure of personal information.

7.2 Disclosure of Personal Information to Data Processor

AEONTS properly supervises third parties to which AEONTS has appointed to process personal information pursuant to our orders or on our behalf.

8. Contact information

If you have any questions or inquiries about the protection of your personal information, collection, use or disclosure of your personal information, or exercise of your rights, or have any claims, please contact us at:

AEON Thana Sinsap (Thailand) Public Company Limited and Data Protection Officer (Mr. Takashi Hisae)

Address: 388 Exchange Tower, 27th Floor, Sukhumvit Road, Kwaeng Klongtoey, Khet Klongtoey, Bangkok 10110
Tel: DPO Office 02-302-4656
E-mail: [email protected]

You also have the right to file a complaint with the relevant Personal Data Protection Committee if AEONTS violates or do not comply with the PDPA or other regulations or notifications issued in accordance with the PDPA.

9. Third Party Links

This Privacy Policy Statement applies to the use of website, mobile application and LINE account of AEONTS only. When you link to third party websites via AEONTS Website, the personal information protection shall be in accordance with the privacy policy statement of such third party websites which are not related to AEONTS.

10. Update to this Privacy Policy Statement

AEONTS regularly reviews and, if appropriate, updates this Privacy Policy Statement from time to time to ensure that your personal information is properly protected. In case of any update to this Privacy Policy Statement, AEONTS will inform you through Privacy Policy Statement on this website or other appropriate methods. Please refer to this page for the updated Privacy Policy Statement.

[Last updated on 1 February 2022]