Bridgestone Sales (Thailand) Co., Ltd., a company incorporated under Thai law, having its registered offices at no. 990, Abdulrahim Place, Fl. 16th, Rama IV Road, Silom, Bangrak, Bangkok and with the company registration number 0105533121519, and its subsidiaries, having its registered offices in Thailand (“we”, “us” or “our”), process Personal Data that we collect from or about “you”.
Since we are based in Thailand, we process your Personal Data in compliance with applicable data protection laws of Thailand, including the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”) and other applicable laws.
1. What is Personal Data?
Personal Data is information relating to you that directly or indirectly identifies you (the user of the Service) as an individual, indirectly meaning when combined with other information, for example, your name, username, postal address, email address and phone number, a unique device identifier such as the IMEI or the MAC-address or the IP address, etc. by which such interpretation shall be consistent with the meanings set forth in the PDPA.
2. How and why do we collect Personal Data
a) Information that you give us
Through your use of the Services, we may collect your Personal Data. In any case, you will be either asked to explicitly consent to collection and further processing of your Personal Data or at least be informed that such processing is based on another lawful basis. We will use your Personal Data for the purposes as described below or described when we are seeking your consent. We do not collect and process more or other types of Personal Data than necessary to fulfill the respective purposes. We will only use Personal Data as set forth in this Policy, unless you have specifically provided your consent to another use of your Personal Data. If we intend to use your Personal Data for purposes other than we originally collected them for, we will inform you in advance and, in cases where the processing is based on your consent, use your Personal Data for a different purpose only with your permission.
In case we rely on your consent to process your Personal Data, you will have the right to withdraw it at any time, unless there is a restriction on the withdrawal of consent by law or pursuant to a contract which gives benefits to you. The withdrawal of your consent will not affect the lawfulness of processing based on consent before such withdrawal.
Each registration form will indicate what kind of Personal Data we collect - various purposes may require collection of various Personal Data, for instance:
• Basic Personal information e.g. name, gender, date of birth, passport or other personal identification numbers, images, photographs, videos, biography, resume or CV, etc.
• Contact information e.g., address, phone number, email address, etc.
• Payment information e.g. credit or debit card information, including the name of cardholder, card number, billing address and expiry date, etc.
• Sensitive Data e.g. medical records, allergies, health conditions, etc.
• Feedback information e.g., feedback, complaint, survey, etc.
• Log data and device information e.g., IP address, cookies, etc.
• Tyre services information e.g., driving license, driver-behavioral data, etc.
• Membership information e.g., username, password, etc.
• Others e.g. any Personal Data stipulated or controlled by the laws of Thailand
b) Information we get from your use of our Services
We are constantly seeking to improve your experience when you visit our websites or when you are interacting with us through other means.
Through your interaction with us and your use of the Services, we may collect Personal Data. Personal Data we collect may include, but not be limited to:
• Your activity on our website and mobile apps. This is data about your browsing activity (the pages you visited and the time of your visit, the preferred language, what items were clicked on a page, how much time you spent on a page, what items you place in your shopping basket in our webstore, what products and Services you purchased, and how much was paid).
• Device and browser information. This is technical data about the device or
browser you use to access our website (e. g. IP address, HTTP headers and other internet transfer protocol signals, user-agent strings, device type, screen resolution, device geolocation, operating system version and device identifiers, such as Apple IDFA or Android Advertising ID).
• Cookies, web beacons and similar technologies. Cookies are small, usually randomly encoded, text files placed on your computer or device that help your browser navigate through our website. Web beacons are tiny images or objects embedded in a web page or email and are usually invisible to you, but allow us to verify whether you have viewed the web page. Web beacons generally function in combination with cookies and we use the two in the same manner. Please also refer to our Cookies Policy for full details regarding cookies and web beacons used at our website, including their management, specific purposes, categories of data they help to store and periods they are active for.
• Your activity on customer service centers. This is data about your contact for our assistance. We may collect and process information about your enquiry during the telephone discussion, including your name, contact information (including email address and/or telephone number), the name of your organisation and any personal information you volunteer that is relevant to your enquiry, the product(s) you bought, reason to why you contacted us and the advice we gave you.
• Your activity when interacting with us through other means. This includes Personal Data we collect and process when you submit your Personal Data to us or agree to our usage terms and conditions through any other means for any purposes for which we wish to use your Personal Data that are not listed above.
3. What do we do with your Personal Data
Depending on your use of the Services, we may collect and use your Personal Data for the following purposes (“Purposes”):
• Registering you as a user of the Services and providing you with the contracted Services;
• Complying with laws and regulations;
• Pursuing our legitimate business interests;
• Communicating and responding to your requests and inquiries to us;
• Delivering functionality on our website and for its technical and functional management;
• Ensuring that the Services’ content is presented to you in the most effective manner for you and your device;
• Engaging in transactions with customers, suppliers and business partners and to process orders for our products and services;
• Processing and handling complaints or requests;
• Researching and analyzing the market as well as customers’ use of our products and services (e.g. sensor-based analytics of tyre and vehicle data; asking your opinion on our products and services or by asking you to complete a survey or questionnaire);
• Helping us in evaluating, correcting and improving our products and services;
• Internal filing;
• Marketing our products and services or related products, including providing you with information from us (see section below on direct marketing);
• Analyzing, developing, improving and optimizing the use, function and performance of our Services;
• Customer profiling and segmentation based on demographic, geographic and behavioral characteristics, in order to better understand the interests and preferences of our (potential) customers, and so communicate with them more effectively;
• Managing the security of websites, network and system;
• Interacting with you on third party social media;
• Organizing contests, competitions and/or other promotional activities;
• Recruitment (if you have provided us information in this regard);
• Notifying you about certain changes to our Services;
• Upholding our security standard when you enter into our premises and for any other security purposes which we may have; and
• Sharing your Personal Data between Bridgestone Group members located both domestically and internationally and to any other organizations to the extent where necessary or permissible by the laws of Thailand.
We shall not collect Personal Data that are not relevant for the purposes as set out above or otherwise notified to you when we seek your consent for the processing of your Personal Data, and shall not retain the data longer than necessary for those purposes or, as the case may be, for the period as determined in an agreement or by law.
This means that we use your Personal Data:
• until you, as the data subject, objects to such processing and the option to object will be provided in each communication - in case we process your Personal Data based on our legitimate interest in cases where the objection is justified (e.g. direct marketing activities if applicable);
• until the expiration of our legitimate interest in case we process your Personal Data
in order to secure our legitimate interest in case the objection is not justified, e.g. to secure execution of possible obligations and to prevent a fraud;
• as long as the legal obligation is in place - in case we process your Personal Data based on the legal obligation;
• as long as the service and/or action requested by you is completed or you withdraw from the service/action - in case we process data in connection with services we render to you and there is no other purpose for keeping the data; and
• until the consent for processing is withdrawn – in case we rely only on your consent
for processing the user’s Personal Data and there is no legal interest for keeping Personal Data (and the option to withdraw the consent will be provided in each communication).
In general, we will delete the Personal Data we collected from you if it is no longer necessary to keep such Personal Data to achieve the purposes for which they were originally collected. However, we may be required to store your Personal Data for a longer period due to requirements by law.
4. The confidentiality and security of your Personal Data
All Personal Data we are collecting from you is stored within a secured infrastructure under our management, with support of external suppliers as described in section 5 of this Policy.
We take data security very seriously. We apply an appropriate level of security and have therefore implemented reasonable physical, electronic, and administrative procedures to safeguard the information we collect from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed. Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements. Access to your Personal Data is granted only to those personnel, service providers or our affiliates with a business need-to-know or who require it in order to perform their duties.
Among other things, we optimize the security of your Personal Data by:
• using encryption where appropriate;
• using password protection;
• requesting contractual guaranties and/or any other means of safeguard declaration from third parties;
• limiting the access to your Personal Data according to the need-to-know principle (e.g., only employees who need your Personal Data for the Purposes as described above shall receive permission to access them); and
• taking all reasonable precautionary measures to ensure that our employees and associates who have access to your Personal Data will be trained in data protection requirements and will process your Personal Data exclusively in accordance with this statement and our obligations under applicable privacy laws.
In the event of a data breach containing Personal Data, we will follow all applicable data breach notification laws.
5. To whom do we disclose your Personal Data?
We will disclose your Personal Data only for the purposes and to those third parties, as described below. We will take appropriate steps to ensure that your Personal Data is processed, secured, and transferred according to applicable law.
a) Whitin Bridgestone Group
We are part of a global organization (the “Bridgestone Group”) consisting of several companies in Thailand and abroad. Your Personal Data may be transferred to one or more Bridgestone Group affiliated companies located in or outside Thailand as needed for data processing and storage, providing you with access to our Services, providing customer support, making decisions about Service improvements, content development and for other Purposes as described in this Policy.
The above will be strictly connected with:
• any kind of service that is rendered by one Bridgestone company to another (under relevant processing agreement); or
• the fact that more than one Bridgestone entity decides on how your Personal Data is used (under a relevant joint controllership agreement); or
• the fact that another Bridgestone entity becomes a separate controller of your data for a given Purpose (e.g. based on your specific consent).
b) External service providers
Where necessary, we will commission other companies and individuals to perform certain tasks contributing to our services on our behalf within the framework of data processing agreements. We may, for example, provide Personal Data to agents, contractors or partners for data processing services or to send you information that you requested. We will only share or make accessible such information with external service providers to the extent required to process your requests. This information may not be used by them for any other purposes, in particular not for their own or third-party purposes. Our external service providers are contractually bound to respect the confidentiality of your Personal Data.
c) Business transfers
In connection with any reorganization, restructuring, merger or sale, or other transfer of assets (collectively "Business Transfer"), we will transfer information, including Personal Data, in a reasonable scale and as necessary for the Business Transfer, and provided that the receiving party agrees to respect your Personal Data in a manner that is consistent with applicable data protection laws. We will continue to ensure the confidentiality of any Personal Data and give affected users notice before Personal Data becomes subject to a different privacy statement.
d) Public bodies
We will only disclose your Personal Data to public bodies where this is required by law. We will for example respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence.
e) On other legal grounds
Further, we may disclose your Personal Data in order to protect our legitimate interests or if it is required or permitted by law or if you give your explicit consent for such transfer of your Personal Data.
f) International transfers of Personal Data
Under specific circumstances, it will also be necessary for us to transfer your Personal Data to foreign countries (“Third Countries"). Transfers to Third Countries may refer to all processing activities described in this Policy.
When transferring your Personal Data outside Thailand, we will comply with our legal and regulatory obligations in relation to your Personal Data, including having a lawful basis for transferring Personal Data and putting appropriate safeguards in place to ensure an adequate level of protection for the Personal Data. We shall make sure that the destination which your Personal Data has been sent to shall at least committed to the standard of the Thai laws.
Our lawful basis for the transfer will be either consent (i.e. we may ask for your consent to transfer your Personal Data outside Thailand at the time you provide your Personal Data) or one of the safeguards permissible by laws.
6. Direct Marketing
While using our Services, you may be asked to indicate whether you wish to receive certain marketing information by phone, text message, email and/or mail. If you do so, you thereby agree that we may use your Personal Data to provide you with information about its products, promotional activities and special offers as well as with any other information about our products or services.
At any given time, you may change your preferences regarding Direct Marketing by using the opt-out option contained in every direct marketing mailing, contacting us using the contact details provided below or, if applicable, by adapting your account information.
7. User rights wiht regards to Personal Data
As a data subject you have specific legal rights relating to the Personal Data we collect from you. This applies to all processing activities stipulated in this Policy. We will respect your individual rights and will deal with your concerns adequately.
The following list contains information on your legal rights which arise from applicable data protection laws:
· Right to be informed: you have the right to be informed about the collection and use of your Personal Data including our purposes for processing your Personal Data, retention periods for that Personal Data, and who we will share your Personal Data with.
· Right to rectification: you may obtain from us rectification of Personal Data concerning you. We make reasonable efforts to keep Personal Data in our possession or control which are used on an ongoing basis, accurate, complete, current and relevant, based on the most recent information available to us. In appropriate cases, we provide self-service internet portals where users have the possibility to review and rectify their Personal Data.
· Right to restriction: you may obtain from us restriction of processing of your Personal Data, if:
o you contest the accuracy of your Personal Data for the period we need to verify the accuracy;
o the processing is unlawful and you request the restriction of processing rather than erasure of your Personal Data;
o we no longer need your Personal Data but you require such data for the establishment, exercise or defense of legal claims; or
o you object to the processing while we verify whether our legitimate grounds override yours.
· Right to access: you may ask from us information regarding Personal Data that we hold about you, including information as to which categories of Personal Data we have in our possession or control, what they are being used for, where we collected them, if not from you directly, and to whom they have been disclosed, if applicable. You may obtain from us one copy, free of charge, of Personal Data we hold about you. To the extent permitted by law, we reserve the right to charge a reasonable fee for each further copy you may request.
· Right to portability: At your request, we will transfer your Personal Data to another controller, where technically feasible, provided that the processing is based on your consent or necessary for the performance of a contract. Rather than receiving a copy of your Personal Data you may request that we transfer the data to another controller, specified by you, directly.
· Right to erasure: you may obtain from us erasure of your Personal Data or anonymization of your Personal Data, where:
o the Personal Data are no longer necessary in relation to the Purposes for which they were collected or otherwise processed; or
o You withdraw the consent on which the collection or processing is based, and where we have no legal ground for such collection or processing; or
o You have a right to object further processing of your Personal Data (see below) and execute this right object to the processing; or
o the Personal Data has been unlawfully processed.
The above does not apply to the extent that such Personal Data retention is necessary for the purpose of freedom of expression, for the performance of a contract, the purpose of establishment, compliance or exercise of legal claims, or defense of legal claims, or other purposes permissible by and in compliance with the law. Furthermore, if you decide to revoke your permission given to Bridgestone to provide you with any marketing and advertising content, please note that we may still be required to send you emails, mails, calls, facsimiles and/or any other form of communication regarding factual transactional and/or service information in connection with products or services that Bridgestone provided to you or the organisation through whom you are known to us.
· Right to object: you may object – at any time – to the processing of your Personal Data due to your particular situation, provided that the processing is not based on your consent but on our legitimate interests or those of a third party. In this event we shall no longer process your Personal Data, unless we can demonstrate compelling legitimate grounds and an overriding interest for the processing or for the establishment, exercise or defense of legal claims. If you object to the processing, please specify whether you wish the erasure of your Personal Data or the restriction of its processing by us.
· Right to lodge a complaint: In case of an alleged infringement of applicable privacy laws, you may lodge a complaint with the data protection supervisory authority, including the Personal Data Protection Commission of Thailand.
To the extent permitted by law, we will try to fulfill your request within an appropriate period or any other period stipulated by the laws of Thailand. However, the period may be extended due to specific reasons relating to the specific legal right or the complexity of your request.
In certain situations we may not be able to give you access to all or some of your Personal Data due to statutory provisions. If we deny your request for access, we will advise you of the reason for the refusal.
If you have any questions about this Policy or want to exercise your rights set out in this Policy, please submit your request at: https://privacy.bridgestone.co.th or contact us at our address: 990 Rama IV Rd., Silom, Bangrak, Bangkok 10500
If you believe that the processing of your Personal Data infringes your statutory rights, you have the right to lodge a complaint with a data protection supervisory authority.
We do not specifically target our Services at minors. However, we may from time to time collect and process Personal Data relating to individuals under the age of 20. Where we do so, we will comply with all applicable laws and regulations relating to the processing of Personal Data of minors.
However, if you are under the age of 10, you must ask a parent or guardian for permission before using our Services. Individuals under the age of 10 should not provide us with their Personal Data without the consent and supervision of their parent or guardian. Without such permission, we do not wish to save Personal Data from such individuals, nor process or forward such data to any third parties. If we become aware that Personal Data from under aged persons was inadvertently collected, we will delete such data without undue delay.
10. Sensitive Data
We will not process special categories of Personal Data concerning you ("Sensitive Data") except where we are able to do so under applicable laws or with your explicit consent. Sensitive Data refers to Personal Data pertaining to racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or of any data which may affect the data subject in the same manner.
11. Period for retaining the Personal Data
We will retain Personal Data for the period necessary to fulfil the Purposes for which the Personal Data was collected, or any other period regulated by the laws of Thailand (including but not limited to the PDPA). We may then destroy such files without further notice or liability.
If any Personal Data is only useful for a short period (e.g. for a specific event or marketing campaign or in relation to recruitment or security purposes, etc.), we may delete it at the end of that period.
If you have opted out of receiving marketing communications from us, we will need to retain certain Personal Data on a suppression list indefinitely so that we know not to send you further marketing communications in the future.
12. Changes to this Policy
To the extent permitted by law, we reserve the right, at our discretion, to modify our privacy practices and update and make changes to this Policy at any time. We may also make changes as required to comply with changes in applicable law or regulatory requirements. For this reason, we encourage you to refer to this Policy on an ongoing basis. This Policy is current as of the "last revised” date which appears at the top of this page. We will treat your Personal Data in a manner consistent with the Policy under which they were collected, unless we have your consent to treat them differently.
We will also keep prior versions of this Policy in an archive for your review.