Privacy Notice Policy

GC Maintenance and Engineering Company limited (the “Company”) recognizes the importance of the protection of Personal Data and has compliance and management of Personal Data which are consistent with Personal Data Protection law and the related laws. The Company would like to notify you of the Company’s compliance with the Personal Data Protection Act, B.E. 2562 (2019) as follows:

1. The privacy statement

1.1 This privacy policy (“Privacy Policy”) applies to any online or offline communication channels where the Company collects your Personal Data, whether face-to-face, by phone or via the Company’s website at https://gcme.co.th and/or the Company’s application which may be provided later and/or other interactions between the Company and you.

1.2 Please read this Privacy Policy carefully to understand the Company’s practice regarding how the Company collects, uses and discloses your Personal Data.

1.3 Unless otherwise permitted by law, if you are under the age of 20, quasi-incompetent, or incompetent person and wish to provide the Personal Data to the Company and/or use of the Company’s website and/or application or other services. You shall obtain the consent of your parent or legal representative, guardian or curator prior to providing the Company with your Personal Data.

1.4 The Company reserves the right, in its sole discretion, to modify, revise, delete and/or update this Privacy Policy from time to time. The Company shall notify you in appropriate manner of any modification to the terms of this Privacy Policy (e.g., by emailing to you the revised Privacy Policy or by publishing the information about such modification on the Company channel).

2. Personal Data

2.1 The nature of Personal Data under this Privacy Policy as the following:

“Personal Data” means any information relating to a person, which enables the identification of such person, whether directly or indirectly, but not including the information of the deceased Persons in particular “Sensitive Personal Data” means the Personal Data pertaining to racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data (such as fingerprint, facial recognition , etc.) , or of any data which may affect the data subject in the same manner, as prescribed by the Personal Data Protection Committee.

2.2 The collection of Personal Data. Personal Data that theCompany collects about your Personal Data as follows:

2.2.1 The general Personal Data

2.2.1.1 Identification information, such as name and surname, nick name, gender, ID card number, passport number, date of birth, country and city of birth, etc.
2.2.1.2 Contact information, such as address and phone number, permanent address, postcode, mobile phone number, email address, line ID, social media profile name, etc. (IP Address)
2.2.1.3 IT information , such as the internet protocol address (IP Address), the nature of Browser and Cookies , ect. 
2.2.1.4 Financial Information, such as salary, pay slip , book account number , ect.
2.2.1.5 Visitor information, such as driving license number, license plate number, CCTV camera recording, ect.
2.2.1.6 Information related to the Company’s service , such as training/seminar or any activity arranged by the Company , ect.
2.2.1.7 Personal Data of other persons, such as emergency contact, references, beneficiary, the details of spouse, child, father and/or mother, brothers and sisters of full blood, relative including telephone number and/or mobile phone number of such person, etc. By providing other person’s Personal Data to the Company, you represent and warrant that you have the authority to do so and to permit the Company to use such Personal Data in accordance with this Privacy Policy. You are also responsible to provide this Privacy Policy for their knowledge and/or obtain consent where applicable or necessary.

2.2.2 Sensitive Personal Data

2.2.2.1 Personal Data pertaining to racial, ethnic origin, religious, disability, sexual behavior
2.2.2.2 Personal Data pertaining to health data, including the drug test result, physical examination of the contractor and/or the service provider prior to performing the service/task to the Company.
2.2.2.3 Criminal record of the contractor and/or the service provider prior to performing the service/task to the Company.
2.2.2.4 genetic data and/or biometric data such as facial recognition, fingerprint, voice recognition, iris recognition, etc.

3. The respect of Personal privacy

The Company respects Data Subjects’ right of their Personal Data and is also aware of the Data Subjects’ intention for the due protection of their Personal Data. Any Personal Data submitted to the Company will be used only for the stated purposes. The Company has strict security measures and a prevention not to let the unauthorized parties from accessing and using your personal data.

4. The Collection of Personal Data

In the direct collection, use, and disclosure of your Personal Data, the Company shall obtain your consent prior to or at the time of such collection if it be legally required and shall use the Personal Data only as necessary and only in accordance with the Company’s specified purposes.

However, the Company may collect your Personal Data from any other sources, such as from PTT Global Chemical Public Company Limited (“GC”), the affiliates of GC, the customer, vendor, business partner or governmental organization, etc., but only in necessity and carried out in accordance with legal requirements.

5. The purposes for collection, use and disclosure of Personal Data

The Company shall collect, use and disclose your Personal Data for the following purposes:

5.1 For the product and service provision: to respond to your inquiries and fulfill your request and to provide the administrative information to you such as the change in terms, conditions under this Privacy Policy or the Company’s regulation, ect.
5.2 For the Company’s performance : to enter into the contract and to perform the Company’s contractual obligation with you , procurement activities , to carry out the financial transactions , to perform the service/task rendered by the contractor and/or the service provider before entering the Company’s site.
5.3 Provision of information: to provide information related to the Company’s website and/or application (if any) including problems such as bugs or connectivity issues, and to provide updates any matters, etc.
5.4 For the improvement of the experience of services provided, through behavioral studies , how to use the Company’s and customer satisfaction survey to improve and develop the Company’s service and/or product.
5.5 For the marketing and advertising : to make marketing research or to obtain your review/comment to improve and develop the Company’s product and/or service.
5.6 Communication with you : to propose the Company’s product and/or service , to ask for your satisfaction with the Company’s product and/or service , to manage your appointment to communicate related to the Company’s product and/or service.
5.7 Functioning and administration of the Company’s channel : to administer, operate , monitor and update the Company’s channel provided in connection with the Company’s website and/or application.
5.8 IT Management: to monitor: to monitor and prevent any potential disruptions or cyber-attacks, to conduct statistical monitoring and analysis of current attacks on devices and systems, to administer and maintain database storing Personal Data, to monitor and conduct cookie tracking
5.9 For access control, security protection , preventing criminal situations as well as to be the evidence for investigation and/or inquiry process related to the Company’s internal measurement and/or legal actions arranged by the governmental organization and/or other organizations.
5.10 Life : to prevent or suppress a danger to a person’s life , body , property or health against the Company’s employees , you , visitor or other persons such as pandemic situation , etc.
5.11 For the communication channel: to trail or notify any related incidents such as accident case, emergency case, etc.
5.12 Compliance of legal obligations: to comply with criminal code, Computer-related Crime Act. B.E. 2560, Labour law, the related laws and regulations applicable to the Company.

However, should any modifications to the stated purposes for the collection , use or disclosure of Personal Data subsequently occur, the Company. The Company shall notify you in appropriate manner of any modification to the terms of this Privacy Policy (e.g., by emailing to you the revised Privacy Policy or by publishing the information about such modification on the Company channel) as well as fulfill other legal obligations, including the recording as evidence of the amendment of

6. The Personal Data retention period

The Company will retain your Personal Data only for the necessary duration, and will collect, use and disclose your Personal Data, as defined in this Privacy Policy, in accordance with legal compliance or as per legal prescription, for the establishment of legal claims, legal compliance or exercise of legal claims, or defense of legal claims, or for other purposes in accordance with this Privacy Policy and the Company’s regulations.

7. Security Measures

The Company has in place adequate and strict security measures, in accordance with this Privacy Policy and Guidelines on Information Technology of the Company, to prevent Personal Data, loss, access, destruction, use, alteration, correction, and to prohibit unauthorized or unlawful use of Personal Data

8. Your Rights as a Data Subject

As a Data Subject, you have the rights as prescribed in the Personal Data Protection Act, B.E. 2562 (2019) and other rights as follows:

8.1 To request access to and obtain a copy of your Personal Data, under the Company’s care and responsibility, as well as to request the disclosure of the acquisition of your Personal Data without your consent.
8.2 To request the Company to correct your Personal Data kept by the Company so that your Personal Data is accurate, up-to-date, complete, and will not incur any misunderstandings
8.3 To object to object the collection, use, or disclosure of your Personal Data, at any time, if the Personal Data is collected with the exemption to consent requirements
8.4 To request the Company to erase or destroy the Personal Data, or anonymize the Personal Data to become the anonymous data which cannot identify the data subject. At your request, the Personal Data shall still be recorded or copies at Server or Backup System to prevent unauthorized or unlawful access of Personal Data, or to backup the Personal Data for any failure, system failure or any incident caused by the willful act against person or other software.
8.5 To request the Company to suspend the use of your Personal Data as prescribed by law.
8.6 To withdraw the consent at any time.
8.7 To complain if the Company , its employee or contractor or the Data Processor does not comply with Personal Data Protection Act.
8.8 To disclose your Personal Data to other person or organization.

However, the Company reserves the right to deny or not to proceed with your request as prescribed by Personal Data Protection Act B.E. 2562 or as modified from time to time or as permitted by other laws.

9. Disclosure of your Personal Data to third party

The Company shall not disclose your Personal Data to third party without your prior consent, nevertheless; the Company may disclose your Personal Data to the following third party for the purpose of collection, use and disclosure as mentioned above.

9.1 GC and/or affiliates of GC located in Thailand or in a foreign country
9.2 Other person or organization to render the service related to the Personal Data to the Company for the purpose of the Company’s management such as IT Service Provider , etc.
9.3 Vendor and/or business partner
9.4 The external consultants including but not limited to attorney and auditor , etc. who will support the Company’s business or the Company’s claim.
9.5 The Company may disclose your Personal Data to other party such as Thai authorities , Public Organizations , Labour Protection and Welfare Organization including the disclosure as prescribed by law such as the establishment of legal claims , legal actions , legal execution , etc.

In the circumstance where the Personal Data will be provided to other person , the Company shall take action to other person to have the appropriate security measure as prescribed by law and on the basis of necessity to comply with the law or obligations under the contract.

10. Cookies

When you visit the Company’s website and/or application, the Company shall collect some your Personal Data by using Cookies, such Personal Information including usage behavior, time spent on the Company’s channel, etc. to improve and develop the Company’s website and/or application. Please read the Cookies policy at https://gcme.co.th/th/cookie-policy and/or Cookie Banner Policy at https://gcme.co.th/.

11. International transfer of Personal Data

The Company may transfer your Personal Data to a foreign country located oversea such as the service recipient, other organization related to the Company’s service, etc. In this event the Company shall transfer your Personal Data in accordance with the following circumstance:

11.1 The destination country or international organization that receives such Personal Data shall have adequate data protection standard as prescribed by the Personal Data Protection Committee.
11.2 To transfer the Personal Data to a foreign organization located oversea who is in the same affiliated business or is in the same group of undertaking and the Privacy Policy has been reviewed and certified by the Personal Data Protection Committee.
11.3 In case the Company and a foreign organization provide the suitable protection measures which enable the enforcement of the data subject ‘ s right, including effective legal remedial measures such as the standard contract , procedure , the certified measurement , etc.
11.4 To comply with the law
11.5 To obtain your consent , provided that you have been informed of the inadequate Personal Data protection standard of the destination country or international organization.
11.6 Where it is necessary for the performance with a contract to which you are a party , or in order to take steps at your request prior to entering into a contract. 
11.7 Where it is for the compliance with a contract between the Company and other persons for your interest.
11.8 To prevent or suppress a danger to the life , body , or health of the Data Subject or other person , when you are incapable of giving the consent at such time.
11.9 To carry out the activities in relation to substantial public interest.

12. Contact channels

You can directly contact the Personal Data Protection as the following channels:

E-Mail : [email protected] By hand or by post

Attention: Data Protection Officer

Address : GC Maintenance and Engineering Company Limited 22/2 Pakorn Songkhraorat Road, Tambol Map Ta Phut, Amphoe Mueang Rayong, Rayong 21150, Thailand

The Company may, from time to time, review this Personal Policy. In case of changes thereto, the Company will provide a public notification and the revised Personal Policy will be effective on the announcement date.