Privacy Notice for Customers

Dear Our Valued Customers,

Konica Minolta Solutions and Services (Thailand) Co., Ltd. (“we”, ”us” or “our”) values your privacy and strives to protect your personal data or personal data relating to the individuals connected to your business (“Personal Data”) based on the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”). We therefore arrange to have and provide this Privacy Notice to you in order to notify our collection, use and/or disclosure (collectively referred to as “Processing” or “Process”) of Personal Data.

This Privacy Notice explains:

  • What kind of Personal Data do we collect? This includes what you tell us about yourself or individuals connected to your business (“you”, “your” or “yourself”) and what we learn by having you as the customer.
  • How do we use your Personal Data?
  • Who do we disclose your Personal Data to?
  • What are the choices we offer? This includes how to access and update your Personal Data.
  • What are your privacy rights and how does the PDPA protect you?
  1. What kind of Personal Data do we collect?

We will collect your Personal Data only if it is necessary and we have proper reasons to Process your Personal Data. We may collect many kinds of your Personal Data, depending on circumstances and nature of requested products and/or services.

We may collect your Personal Data from a variety of sources, including but not limited to: –

  • When you purchase and/or apply for our products and/or services;
  • When you communicate to us, including recorded calls, posts, e-mails, notes and other means;
  • When you visit our websites or other online channels;
  • When you fill in your Personal Data on our websites or other online channels;
  • When you fill in our surveys and/or complain on our products and/or services;
  • When you take part in our competitions, events or marketing promotions/campaigns;
  • When you manifestly publish your Personal Data, including via social media, we may collect your Personal Data from your social media profile(s) to the extent that you choose to make your profile publicly visible;
  • When we receive your Personal Data from third parties, e.g., your employer, our business partners, banks, websites or other online channels, etc.; and/or
  • When you purchase our products and/or apply for our services through any third parties.

We sometimes collaborate with the third parties who are not our affiliates to collect your Personal Data regarding online activities when you visit our websites/online channels. Furthermore, we may use your Personal Data collected from other websites/online channels, which are not ours or our group/affiliates’ for the purpose of advertisement, which has been concluded that it matches your browsing behavior. However, we will inform you and provide you with an opportunity to decline such Processing.

The categories of your Personal Data that we may collect are subject to the applicable laws, including but not limited to: –

  • Personal details: Name and last name, gender, date of birth, marital status, name of parents, personal identification number, passport number, other identification numbers issued by the government including Personal Data that is presented on the documents issued by the government, corporate documents issued by authorities (in case of a juristic person), tax identification number, nationality, photograph appeared on identification card, passport or driving license, signatures, information we received from the questions where you can identify your identity (e.g., username, password, answer in resetting the password, PINs, etc.), photograph and CCTV image or footage;
  • Financial details: The details of bank accounts, billing addresses, credit card numbers and cardholders’ names and details;
  • Contact details: Addresses, telephone numbers, email addresses and social media profile details;
  • Electronic data: IP addresses, cookies, activity logs, online identifiers, unique device identifiers and geolocation data; and/or

During Processing of your Personal Data, we may also collect some sensitive Personal Data of you to deliver the products and/or services to you. However, we may not Process this type of Personal Data without your consent, unless the PDPA allows us to do so.

In case that you are required to provide the personal data of third parties to us, you agree to notify such third parties that we may Process their personal data and inform the content of this Privacy Notice to such third parties. You agree and warrant that you will conform to all requirements under the PDPA. This includes the obligation to obtain consent prior to or during the collection of third parties’ personal data in accordance with the form and content designated by us.

  1. How do we use your Personal Data?

We will use your Personal Data only if it is necessary and we have proper reasons to Process the Personal Data. When we Process your Personal Data, we will rely on one or more of the legal bases as follows: –

  • Contractual basis: When it is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract;
  • Legal obligation: When it is necessary for us to Process your Personal Data in order to comply with the laws or legal obligations;
  • Legitimate interest: When it is in our legitimate interest to Process your Personal Data for our benefit in compliance with the PDPA, as long as your fundamental rights are not overridden by our benefits; and/or
  • Consent: When you give your consent to us to Process your Personal Data for a stated purpose.

The PDPA and other regulations provide protection on the sensitive Personal Data more stringently. We will not Process this type of Personal Data without your consent, unless the PDPA allows us to do so.

The purposes for which we may Process your Personal Data, which is subject to the applicable laws and the legal basis of Processing, are:

Except as described in this Privacy Notice, we will not Process your Personal Data for any purposes other than the purposes as described to you in this Privacy Notice. Should we intend to Process additional Personal Data for other purposes, which are not described in this Privacy Notice, we will notify you and obtain your consent prior to the Processing, except in case where the PDPA allows us to do so without your consent. You will also have an opportunity to consent or decline to such Processing of your Personal Data.

In case you refuse to give us your Personal Data

Under the circumstance that it is necessary for us to collect your Personal Data in accordance with the PDPA or under the contract terms with you, and you decline to such collection, we may not be able to meet the obligations that have been agreed with you, or to enter into a contract with you. In this given circumstance, we may refuse to deliver the products and/or services to you.

  1. Who do we disclose your Personal Data to?

We will share your Personal Data only if it is necessary and we have proper reasons to Process the Personal Data, including where: –

  • It is necessary to comply with provisions of contracts;
  • We have a legal duty to do so (e.g., assisting in a withholding tax deduction, etc.);
  • We have a legal obligation to regulatory report, litigation, assertion or defense of legal rights and interests;
  • We have legitimate business interests to do so (e.g., managing risk, conducting internal report, assessing data analysis, verifying identity, enabling third parties to provide you with the services you have requested, assessing your suitability for the products and/or services, etc.); and/or
  • We request for your permission to share it, and you agree.

We may need to share your Personal Data for the purposes mentioned above with others, including but not limited to: –

  • Our group companies and any sub-contractors, agents or service providers who work for us or provide the services to us or our group companies, including their employees, sub-contractors, service providers, directors and officers;
  • Anyone who provides instructions or operates any of your accounts, products or services on your behalf, e.g., Power of Attorney, lawyers, etc.;
  • Your intermediaries, correspondent and agent;
  • Any appointed persons to take care your benefits;
  • People you make the payment to and receive the payment from;
  • Financial institutions, and payment service providers;
  • Any people or companies where required in connection with a potential or actual corporate restructuring, merger, acquisition or takeover, including any transfer or potential transfer of any of our rights or duties under our agreement with you;
  • Law enforcement, government, courts, dispute resolution bodies, regulators, auditors and any parties appointed or requested to carry out investigations or audits of our activities;
  • Other parties involved in any disputes;
  • Fraud prevention agencies who will also use it to detect and prevent fraud and other financial crime and to verify your identity; and/or
  • Anybody else that we have been instructed to share your Personal Data with by you.

Cross-border Transfer of Personal Data

When we transfer your Personal Data to overseas, we will ensure that those countries have an appropriate level of Personal Data protection and that the transfers are lawful. We may need to transfer the Personal Data in this way to carry out our contract with you, fulfill the legal obligations, protect the public interests and/or for our legitimate interests. In some countries, the law might compel us to share certain Personal Data, e.g., with tax authorities. Even in this case, we will only share the Personal Data with people who have the right to see it.

  1. Retention of Personal Data

We will retain your Personal Data for as long as it is necessary to carry out the purposes that are specified in this Privacy Notice. In any case we will keep your Personal Data for the duration of our contractual relationship and for another 10 years after you stop being our customer. Unless otherwise required in the event of regulatory or technical reasons, we may keep your Personal Data for longer than 10 years. If we do not need to retain the Personal Data for longer than it is legally required or necessary, we will destroy, delete or anonymize it. However, and in case where we are unable to destroy, delete or anonymize the Personal Data (e.g. the Personal Data is stored permanently in our backup database, etc.), we will store such Personal Data with an appropriate measure to ensure your Personal Data protection, separate such Personal Data from further Processing activities and will destroy, delete or anonymize it as soon as we are able to do so.

  1. Accuracy of your Personal Data

We need your help to ensure that your Personal Data under our care is up to date, complete and accurate. Please inform us of any change to your Personal Data through our contact channels specified in Article 9 below or update your Personal Data by yourself at/via our website and shall submitted the Data subject request form of the company.

We will occasionally request an update from you to ensure that the Personal Data we use to fulfill the purpose of Processing is up-to-date, accurate and complete.

  1. What are your privacy rights and how does the PDPA protect you?

Rights regarding your Personal Data are as follows:

  • Right to Withdraw: This enables you to withdraw your consent given to our Processing of your Personal Data in which you can do at any time by following our instructions. We may continue to Process your Personal Data if we have another legal basis to do so;
  • Right to Access: This enables you to receive a copy of or request for a disclosure of source we collect your Personal Data;
  • Right to Correct: This enables you to have any incomplete or inaccurate Personal Data we hold about you corrected. Please refer to Article 5 for more details on the accuracy of your Personal Data;
  • Right to Erasure: This enables you to ask us to delete, destroy or anonymize your Personal Data where there is no good reason for us to continue Processing it. Nonetheless, we will consider a request to delete carefully according to the laws;
  • Right to Object: This enables you to object to the Processing of your Personal Data, unless we have lawful reasons to deny your request;
  • Right to Restrict Processing: This enables you to ask us to suspend the Processing of your Personal Data temporarily or permanently, for example, if you want us to establish its accuracy or a reason/lawful basis for Processing it;
  • Right to Portability: In some cases, you have the right to request for the copy of your Personal Data in an electronics form or request for a transfer of your Personal Data to the third parties; and
  • Right to Lodge a Complaint: This enables you to file the complaint with a related government authority, including but not limited to, the Thailand Personal Data Protection Committee, when you see that we, our employees or service providers violate or do not comply with the PDPA or other notifications issued under the PDPA.

You may exercise your rights at any time by notifying us via the contact channels specified in Article 9 below, without having to pay any fees to access your Personal Data or exercising any other rights. However, we may charge a reasonable fee if your request does not have a rigid ground, is duplicated or is more than necessary. We may also refuse to proceed with your request under those situations.

Upon your notification, we may need to contact you for filling in our request form and we will start proceeding with our internal process. We may request certain information from you in order to verify your identity and guarantee your right to access the Personal Data (or to exercise any other rights) which is considered a security measure to ensure that your Personal Data will not be disclosed to those who is not authorized to access the Personal Data. We may also contact you for more information about the request for a quicker response.

We will make effort to respond to your legitimate request within 30 days. Under some circumstances, we may take more than 30 days depending on a complexity or duplication of your request. In such case, we will inform you on a status of your request.

Handling of Complaints

In the event that you wish to make the complaint about how we Process your Personal Data, please contact us at the contact channels provided in Article 9 below and we will try to consider your request as soon as possible. This does not prejudice your right to file the complaint with a government authority or Personal Data Protection Committee.

  1. Security of your Personal Data

Information is our asset and therefore we place a great importance on ensuring the security of your Personal Data. We regularly review and implement up-to-date physical, technical and organizational security measures when Processing your Personal Data. We have internal policies and controls in place to ensure that your Personal Data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the performance of their duties. Our employees are trained to handle the Personal Data securely and with utmost respect according to our policies, failing which they may be subject to a disciplinary action.

  1. Revision of our Privacy Notice

We keep our Privacy Notice under a regular review and update, and thus the Privacy Notice may be subject to changes. The date of last revision of Privacy Notice can be found on the top of this Privacy Notice and via our website.

  1. Contact us

Should you have any question regarding the protection of your Personal Data or wish to exercise your rights, please contact our Data Protection Office through the following channels: –

  • Konica Minolta Solutions and Services (Thailand) Co., Ltd.
  • Email: legal@gcp.konicaminolta.com
  • Tel: 02-029-7000 ext. 1238

The above information is updated on 20 May 2022