Privacy Policy

           Ampas Industries Company Limited (the “Company”), realizes the importance of protection of personal data. As protection of personal data is an integral part of our social responsibility and it is the foundation for building trustworthy business relationships with customers and partners. In accordance with the principles of management of personal data, this includes the collection, use, disclosure and other issues of the personal data owner by adhering to standards, provisions of the law, and good standards of the industry.

Article 1 General provisions

           1.1  The Company values ​​and respects the privacy of the personal data owner, by bringing the provisions of the law and good standards of the industry to apply to the collection, use, disclosure, and other rights of the personal data owners. The Company realizes that personal data owners, whose personal data is stored with the Company, would like their personal data to be kept secured.

           1.2  The Company will manage personal data such as name-surname/juristic person name, gender, date of birth, age, height, weight, status, nationality, religion, place of residence, occupation, place of work, telephone number, fax number, email address, user information for applications; applicant information with name-surname, photo, education, financial status, health history, criminal record, work history, activity history, which can identify the owner of the personal data.  And it is the personal data that is complete and accurate, and up to date as the Company has been notified. It will be used for the purposes of the Company only. Then the Company will take strict measures to maintain security, as well as preventing personal data from being used without the personal data owner’s permission first.

Article 2 Purposes for collecting personal data

           2.1  The Company collects personal data of the personal data owner for the Company’s operation, research studies, or preparing statistics, which are in line with the objectives of the Company’s operations, and to improve the quality of the Company’s services to be more efficiency.

           2.2  If the purpose for collecting personal data is changed later, the Company will notify the owner of the personal data and ask for consent and provide a record of the amendment as evidence.

           2.3  If the Company collects, uses and discloses personal data for any acts other than the stated purposes, the personal data owner has the personal data privacy right of the personal data owner, to choose, whether to allow the company to collect, use, disclose; or not to collect, use and disclose such personal data.

           2.4  For electronic transaction services through electronic media, the Company may automatically record the owner’s website access data, for the purposes of analyzing and tracking the use of the website services, and for traceability purposes in case a usage problem, by storage at least of the followings:

                   (1)  IP address

                   (2)  Types of browser programs

In addition, the Company may also use third-party services to keep records of electronic media service systems as required by law.

           2.5  The Company will not do any actions differ from those stated in the purposes for which the data was collected unless:

                   (1)  Notifying the owner about the new purpose, and obtain the consent from the personal data owner.

                   (2)  It is the case that the law requires.

Article 3 collection of personal data

           3.1  The Company will use lawful and fair methods for collecting personal data owner’s data, as well as limited and necessary collection to provide services for the purposes of the Company only.

          3.2  The Company will ask for the consent of the personal data owner before collecting it, unless:

                  (1)  It is the case that the law requires.

                  (2)  It is for the benefit of the personal data owner, and the request for consent cannot be done at that time.

                  (3)  It is for the benefit of the life, health or safety of the personal data owner and others.

                  (4)  It is for the benefit of the investigation by the inquiry official, or the judgment of the court.

                  (5)  It is for the benefit of research studies or preparing statistics.

           3.3  The Company does not collect personal data of the personal data owner related to the genetic nature, sexual behavior, or information that may be harmful, disgrace, or it may arise the feeling of unfair discrimination, or inequality to any person unless:

                  (1)  Getting the written consent of the personal data owner.

                  (2)  It is the case that the law requires.

                  (3)  It is for the benefit of the owner of the personal data, and the request for consent cannot be done at that time.

                  (4)  It is for the benefit of the life, health or safety of the personal data owner and others.

                  (5)  It is for the benefit of the investigation by the inquiry official, or the judgment of the court.

                  (6)  It is for the benefit of research studies or preparing statistics.

           3.4  The Company may combine personal data of personal data owner, with personal data owner’s personal data obtained from other sources, only if necessary, and with the consent of the personal data owner only, for the purpose of updating the personal data of the personal data owner to date, and to improve the quality and efficiency of the Company’s service to be better.

Article 4 Use of personal data for disclosure

           4.1  The Company may use, disclose personal data of the personal data owner, only with the consent of the owner of the personal data, and it must be used for the purposes of the Company only.

           4.2  The Company will ensure that the Company’s operators will not disclose, display or appear the personal data of the personal data owner to any other manner, other than the purpose or to a third party unless:

                  (1)  It is the case that the law requires.

                  (2)  Getting the written consent of the personal data owner.

                  (3)  It is for the benefit of the life, health or safety of the personal data owner and others.

                  (4)  It is for the benefit of the investigation by the inquiry official, or the judgment of the court.

                  (5)  It is for the benefit of research studies or preparing statistics.

           4.3  In some cases, the Company may allow individuals or other entities to access or use the personal data of the personal data owner necessarily, and in accordance with the Company’s objectives and obligations, with consent of personal data owner, as required by law.

Article 5 Security

           The Company realizes the importance of maintaining the security of personal data of the personal data owner, appropriate measures for the security of personal data are in place to prevent loss, access, destruction, use, alteration or disclosure of personal data, without consent or illegally, in order to comply with the Company’s information technology security policy and practices.

Article 6 Involvement of the personal data owner

           6.1  In the case that personal data owner wishes to know personal data about oneself, the personal data owner can make a request in accordance with the rules and procedures prescribed by the Company. When the Company receives the request, the Company will quickly proceed to inform the existence, or details of personal data to the personal data owner within a reasonable period.

           6.2  If the personal data owner opines that any personal data concerning them is in fact incorrect, the personal data owner can notify the company to correct, change or delete that personal data. For this purpose, the Company will also make a record of objection to the storage, accuracy, or any acts in connection with the personal data of the personal data owner.

           6.3  The personal data owner has the right to examine the existence, nature of the personal data, the purposes for the information being used, and the place of the company, additionally, is the right as follows:

                 (1)  To request a copy, or request a certified true copy of personal data.

                 (2)  To request to correct or change your personal data to be correct and complete.

                 (3)  To request to suspend the use or disclosure of personal data about oneself.

                 (4)  To request for the deletion or destruction of personal data about oneself.

                 (5)  To request to disclose the acquisition of personal data about oneself, in the case of data the owner has not consented to collect or store.

                However, the Company may reject the request of the personal data owner, in the event required by law, or in the event that the personal data of the personal data owner has been anonymized or unidentifiable identified to the personal data owner.

Article 7 Linking personal data with other persons or other entities

           7.1  The Company may link personal data with other individuals or entities. The Company will notify the personal data owner before linking personal data, including consent, with at least the following details:

                (1)  Person or organization to which personal data will be linked to.

                (2)  Purpose for linking personal data.

                (3)  Methods to link personal data.

                (4)  Personal data to be linked.

                (5)  Persons who have access to personal data.

           7.2  When linking personal data with other individuals or entities, the Company will state the collector, the persons who have the right to access the collected data, so that the personal data owner is informed. The Company will make a record of the data linkage as evidence.

           7.3  If there is a change in the data linkage, the company will notify the personal data owner of the change and ask for consent before taking action.

Article 8 Period of storage of personal data and withdrawal of consent

           The Company will store the personal data of the users for the period necessarily to fulfill the purposes set out in this policy. If the personal data owner wishes to withdraw their consent to the storage of personal data, it can be informed the intention at the head office of the Company, where the Company will consider taking appropriate action, and record the intention as evidence.

Article 9 Change of personal policy

           The Company requires reviewing and revising related policies and guidelines, when there is a significant change in the relevant laws, or at least once a year.

…………………………………………………………………………………………………………………………………………………………………………………………………………………………………..

Safety standards

The protection of Ampas Industries Co., Ltd. implements the same safety standards as its affiliates.

IDS: Intrusion Detection System

          It is a computer system that monitors and intercepts data from unauthorized users, the Company uses the most efficient system and is constantly updated information.

Firewall System

It is a modern computer system that allows only those who have the rights or those approved by the Company to pass through the firewall to access the data. The Company uses a Firewall Protection system to ensure that your data will be kept very well.

Secure Socket Layer (SSL)

It is the encryption of data through the browser to prevent data intercepting while it is being transmitted over the Internet, thus the interceptor may not be able to understand the meaning of the data. The Company uses up to 128-bit secure encryption, which is highly secured in accordance with the world standards, and it is preferred by leading companies around the world.

Virus Scan

A computer virus is a computer program that damages the computer data and it can also spread computer viruses to other computers. All computers that provide services to users are equipped with high quality virus detectors on every computer and virus data is regularly updated.

Cookies

                Cookies is short data that when you visit a website and the Web Server can put that data on your computer to make your browser memorize a specific specification, that Web Server will read that data again when you visit the website later. Therefore, when you visit this type of websites and go back again, the website will immediately know who you are. However, the Company has avoided using this program, because it is aware of the protection of personal data, unless it is necessary. The Company will consider carefully, and aware of the security and privacy of the client importantly.

……………………………………………………………………………………………………………………………………………………………………………………………………..

Information security

Customer/supplier protection

           Using the Supplier EDI Webportal at public computers

The company does not recommend using the Supplier EDI Webportal service at public computers. Or that needs to be shared with other people, such as internet cafes, computers in the library, or workplaces that access the Internet via LAN, because there may be an adversary installed some programs that can capture sensitive information and take them. To use this, you should avoid using services with computers of this type.

User ID and Password

1.The user ID and password that you use in the Supplier EDI webportal system are confidential information of your company. There are instructions to do as follows:

• Never disclose the password to other people.
• Do not write down your password in an open place.
• Do not download the program from the Internet unnecessarily.
• Freeware programs downloading should be chosen from reliable websites.
• If you receive mail from an unknown person who has never been contacted, you should not open it, and delete it immediately.
• Be careful when opening files with the .exe, .doc, .xls, or .xlsx extension attached to the mail, if in doubt, delete the email immediately.
• Install a virus scan program, and update the version of the scan to be up to date, including scan regularly, and should scan for viruses before opening files obtained elsewhere.

2.Install a personal firewall to prevent hackers from stealing.

3.Keep up with IT news, especially password configuration advice, which is very important.