|
IR Menu
As Communication & System Solution Public Company Limited recognizes the importance of the Personal Data Protection Act B.E. 2562 (2019) and has been continuously implementing related measures, the protection of personal data is considered part of the Company’s social responsibility and a fundamental element in building trustworthy business relationships. The protection of personal data of employees, customers, business partners, shareholders, contractors, or other stakeholders must be managed in accordance with legal requirements. The Company adheres strictly to this principle, regarding any unauthorized use or disclosure of personal data that may cause harm or identify an individual without consent as a violation of law and Company discipline. Therefore, the Company has established this Personal Data Protection Policy and reaffirms its commitment that:
“The Company shall manage personal data from collection, use, and disclosure, as well as implement internal control systems to ensure compliance with the Personal Data Protection Act and all relevant laws.”
The Company means Communication & System Solution Public Company Limited, or in short “CSS,” including its subsidiaries under CSS’s control, namely CSS Energy Co., Ltd. and Neonworks Communications (Thailand) Co., Ltd.
Personal Data means any information relating to an individual that enables the identification of that person, whether directly or indirectly, in accordance with the Personal Data Protection Act B.E. 2562 (2019) and any future amendments or related laws. It does not include information of deceased persons.
Sensitive Personal Data means personal information concerning race, ethnicity, political opinions, religious or philosophical beliefs, criminal records, health, disabilities, genetic data, biometric data, or any other data of a similar nature that may affect the data subject.
Data Controller means a person or entity with the authority and responsibility to make decisions regarding the collection, use, or disclosure of personal data.
Data Subject means an individual who owns the personal data collected, used, or disclosed by CSS, including but not limited to employees, customers, shareholders, business partners, service providers, and other stakeholders of the Company.
Data Processor means a person or entity that collects, uses, or discloses personal data on behalf of or under the instructions of the Data Controller.
Data Processing means any operation performed on personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission or dissemination, alignment, restriction, erasure, or destruction.
Personal Data Protection Policy
The Company places great importance on the rights and privacy of data subjects and shall implement strict measures to ensure security, confidentiality, and the prevention of unauthorized use of personal data. The Company will collect, use, or disclose personal data only for purposes consented to by the data subject or as required by law, in line with international standards.
The Company shall collect personal data only for specific, lawful, and fair purposes, and only to the extent necessary for the Company’s operations. The data subject will be informed and consent will be obtained in accordance with the Company’s procedures. In cases where the Company collects sensitive personal data, explicit consent will be obtained from the data subject unless exempted under the Personal Data Protection Act B.E. 2562 or other applicable laws.
The Company shall collect or use personal data of data subjects for purposes that support its operations, such as procurement of goods or services, contract management, financial transactions, business activities, communication, or to enhance operational efficiency—such as database management, process analysis, and development. The Company shall retain and use such data only for as long as necessary for the stated purposes or as required by applicable laws.
The Company shall not use the collected data for purposes other than those specified, except in the following cases:
(1) When new purposes have been informed to and consented by the data subject.
(2) When required by the Personal Data Protection Act or other relevant laws.
The Company shall not disclose any personal data to third parties without consent, and shall do so only for the purposes previously informed to the data subject. However, for operational or service-related reasons, the Company may disclose personal data to third-party service providers. In such cases, the Company shall ensure that such parties maintain confidentiality and use the data only within the defined scope.
The Company may also disclose personal data as required by law, including to government agencies, regulatory bodies, or when requested under legal authority—for example, in litigation or other legal processes, or as requested by private entities or individuals involved in legal proceedings.
The Company shall establish appropriate measures, including information security measures, in compliance with applicable laws, regulations, and best practices. The Company shall also promote awareness and responsibility among employees and related parties regarding the collection, storage, use, and disclosure of personal data, ensuring compliance with this Policy and the Personal Data Protection Act effectively.
Data subjects have the following rights:
Data subjects may exercise the above rights by submitting a written request or via email using the prescribed form available at the Company’s contact channel “according to the form provided via the Company’s contact channel”. The Company will review and respond within 30 days from the date of receipt. The Company reserves the right to deny such requests when permitted by law.
The Company requires all relevant departments and personnel to strictly adhere to this Policy and related guidelines when collecting, using, or disclosing personal data. As the data controller, the Company shall monitor compliance with its policies, coordinate with the Personal Data Protection Committee, and ensure that all actions comply with the Personal Data Protection Act B.E. 2562.
Any person responsible for duties related to personal data who neglects, omits, or acts in violation of this Policy or related practices resulting in legal violations or damages shall be subject to disciplinary action in accordance with Company regulations. The Company shall not compromise in such cases, and the offender shall be liable under applicable laws. If the violation causes damage to the Company and/or others, legal action may be taken accordingly.
The Company may revise or update this Policy from time to time to ensure compliance with laws, operational changes, or feedback from relevant authorities. The Company will publicly announce any such changes before they take effect.
If you have any questions regarding this Personal Data Protection Policy, wish to exercise your legal rights, or wish to file a complaint concerning the Company’s handling of your personal data, please contact:
Company Name: Communication & System Solution Public Company Limited
Address: 329 Moo 3, Banmai Subdistrict, Pak Kret District, Nonthaburi Province 11120, Thailand
Company Website: https://www.cssthai.com
Call Center: 02-018-1111 #5502
Email: audit_com@cssthai.com
This Policy shall take effect from January 1, 2025 onwards.
เว็บไซต์ cssthai.com มีการเก็บ Cookies ซึ่งเป็นการจัดการข้อมูลส่วนบุคคลและช่วยเพิ่มประสิทธิภาพการใช้งานเว็บไซต์ คุณสามารถอ่านข้อมูลเพิ่มเติมได้ที่หน้า Cookies Notice
