Personal Data Protection Act

Federal Electric Corporation Limited (“Company”) exceptionally respects the privacy of our clients, shareholders, employees and all other stakeholders associated with our firm. Therefore, in order to ensure that all individuals are protected by the Personal Data Protection Act (PDPA 2019), Boards of directors of Federal Electric Corporation Limited has thus authorized the use of privacy policy for protection of individual information. The policy is contemplated to provide the company with regulations, mechanisms, controlling procedures and management of personal information in evident and suitable manners.

1. Scope of Enforcement: This personal data protection act is enforced with company, employees and other stakeholders in association with the data processing of an individual as per order or on behalf of the company.

2. Definitions

  • 2.1 Processing means any kind of conducts with regards to personal data such as collection, record, system arrangement, structure building, storage, improvement, amendment, file recovery, using, broadcasting, forwarding, disseminating, transferring, putting together, erasing and destroying.
  • 2.2 Personal Data means any information pertaining an individual which enables to identify the identity for such person, either directly or indirectly, for example, name, surname, e-mail, telephone number, IP address, picture, race, relation, political thoughts, genetic information and biometric data.
  • 2.3 Data Subject means any typical person that the personal information can detect the identity of such person, either directly or indirectly. 
  • 2.4 Data Controller means any typical person or juristic person with the authority to make decision about the processing of personal data.
  • 2.5 Data Processor means any typical person or juristic person who undergo the processing of personal data by commands or on behalf of the company.
  • 2.6 Company means Federal Electric Corporation Limited.2. Definitions

3.Policy for protection of personal information: With Regards to Regulating the Protection of Individual Information

  • 3.1 The company will set up the structure for regulating personal information in order to outline methods and procedures which are suitable in the intracompany legal as follows;
    (1) Assign the organizational structure, including role appointment, mission and responsibility of unit and according operators with clearness in order to construct the mechanisms used for monitoring, controlling, responsibility, work operations, enforcement and complying with the Personal Data Protection Act. This includes the protection of personal data for the company.   
    (2) Appoint the officer to protect personal data of the company with roles and responsibilities as stipulated in personal data protection policy of the company, which has been announced by the panel of committee.
  • 3.2 The company will set up policy, standards, guidelines, procedures and other documents in association with the Personal Data Protection Act as well as personal information protection policy established by the company.
  • 3.3 The company will set up the managing procedures to adhere the policy to regulate the compliance with the personal data protection policy on a continual basis. 
  • 3.4 The company will continuously provide training for employees in order to ensure that company’s employees will realize the significance of personal data protection as well as make sure that all employees have been trained to understand the protection of personal data and procedures to follow through in regard to protection of personal data policy.  

4. Policy for protection of personal information: With respect to evaluation of the personal data

  • 4.1 The company will process personal data in term of both protection of personal information controller and the processor with personal information, which is measured to be legally precise, justice, transparent and considered to be the accuracy of personal data. The process will be undertaken as deemed necessary under the conditions of legal procedures and approach for processing business. Moreover, the company will proceed the protection of confidentialities, correctness and safety of information of each individual sufficiently.
  • 4.2 The company will set up mechanism and control for management of personal information in all steps, which complied with laws and policy for personal data protection.
  • 4.3 The company will create and keep the personal data processing information which will record the related entries and activities complied with the laws as well as updating information for the further changes.
  • 4.4 The company will set up the clear mechanism to ensure all objectives, collection and details of processed personal information as well as requesting for consent from the owner of personal information according to laws. This includes regulations and examinations in such matter.
  • 4.5 The company will set up the mechanism in examining the accuracy of personal data, including the mechanism for rectification of individual data.
  • 4.6 In case of sending, transferring, or conferring personal information to others. The company will arrange an agreement with the recipient or set up the rights and duties adhered to the laws and personal information protection policy.
  • 4.7 In case the company sending or transferring the personal data to overseas, the company will be in compliance with the laws.
  • 4.8 The company will destroy personal data after the specified period. The company will act accordance with the laws and the company’s operation policy.
  • 4.9 The company will evaluate and set procedures to mitigate the risk as well as minimize the effects that will happen to the processing of personal information. 

5. Policy for protection of personal information: With respect to support the rights of using own personal information

The company will arrange regulations, channels, and procedures for the letting owners of personal data use the personal information compliance with the laws. This includes the recording and assessing the feedbacks towards the request to use the right of personal data owner.

6. Policy for protection of personal information: With respect to the safety protection of personal information

  • 6.1 The company will sufficiently establish the safety and security of personal information. This includes the undertaken protection to prevent the leaking of personal information and the arbitrary use of personal information. 
  • 6.2 The company will set up policy that will manage any unusual occurrences associated with personal information and approach the guidelines for handling unusual situation in order to identify and manage the unusual occurrences which related to personal information in the timely manner.
  • 6.3 The company will organize the process of notifying the personal data owner as well as government officers who control the personal information (in case that the company is the processor of the individual or the controller of the information together) or other associated parties to be in compliance with the laws. 

7. Policy for protection of personal information: With respect to regulate the implementation of the compliance with the personal data protection procedures

  • 7.1 The company will arrange the follow-up procedures in case of any laws’ change as well as the improvement of protection procedure to be most updated and comply with the laws.
  • 7.2 The company will review and update the policy, operational standards, guidelines, procedures and other documents with regard to the protection of personal information on a continual basis in order to be timely abided to law and situations in different timeframe. 

8. Roles, Duties and Responsibilities

  • 8.1 Panel of committee are in compliance under the roles, duties and responsibilities as followed
    (1) Supervise for the existence of control of personal data and internal control to comply with the law and the personal data protecting policy .
    (2) Supervise and control the company to undertake the protection of personal information efficiently and be compliance with the laws.
  • 8.2 The management are in compliance under the roles, duties and responsibilities to monitor and control the subordinates the comply the personal data protection policy as well as creating the awareness about the law.
  • 8.3 Officers who maintain the personal information confidentiality of the company are in compliance under the roles, duties, and responsibilities abided by law, which also includes other following;
    (1) Report the status of the personal data protection to the controller in a consistent manner and arrange the recommendations for the improvement of the personal data protection and ensure the information is up to date and compliance with the law.
    (2) Provide the suggestions to the employees about the compliance with the laws as well as the company policy related with personal data protection.
    (3) Examine the operation of the related sections according to law and personal data protection policy.
  • 8.4 Employees of the company are in compliance under the roles, duties and responsibilities as followed;
    (1) Comply with personal information protection policy by the company, standards, guidelines and procedures and other documents which are involved with personal information protection.
    (2) Report of any unusual circumstances which involved with the protection of personal information and fail to comply with the law to the manager or a person in charge.

9. Penalties for failing to comply with the personal data protection policy of the company

Failures to comply with the personal data protection policy of the company will result in finding to be guilty and disciplinary punishment as imposed by laws.

10. Company Contact

Any enquiries or uncertainties, please contact our company at dpo@fec-corp.co.th or as the following address.

Federal Electric Corporation Limited

64/1 House, Village No. 4, King Kaew St., Racha Thewa, Bang Phli, Samut Prakan 10540

Telephone No. +66 2 312 4190-5, +66 2 750 3993-4

This announcement has become effective from December 31st, 2022 onwards.


Requirements and Personal Rights

In order to comply with the Personal Data Protection Act B.E. 2562 (A.C. 2019) for people in general, the entrepreneur and employees, both government and private sectors, should study the roles and the rights of the person who involved with the information, which are divided into 3 categories as followed; 

1. General people as the owner of personal data: should realize and understand the rights of their own, read the requirements and objectives carefully before giving any information

What are the rights of the personal data owner?

  • Right to be notified information for acknowledgment
  • Right to request for accessing to the personal information
  • Right to request for transferring the personal information
  • Right to reject the collection, compilation, usage and disclosure of personal information 
  • Right to request for erasing, destroying, or making the personal information become unidentifiable
  • Right to request for suspension of the use of information• Right to request for amendment of personal information

Herewith, the record should be kept throughout. In case of discovering the misuse of personal data which results in a wrong objective agreed in the first place, the information can be used as evidence for filing complaint to the data controller.

2. Data Controller: Data controller is defined by a person or juristic person with authority to make decision in collecting, using or disclosing the personal data, in accordance with the aforementioned act.

3. Data Processor: Data processor is defined by a person or juristic person who undertakes the collection, usage and disclosure of the personal date. Their duties are to keep, use or reveal the information according to the order or under the authority data processor. They have to undergo the measures in maintaining the safety of the data in the most suitable way, organize and keep the records. In case of violation, the action must be informed to the data processor for their notice. This Personal Data Protection Act B.E. 2562 (A.C. 2019) will be enforced with the entrepreneur in Thailand who collect, use or reveal information either domestically or internationally. Any wrongdoers will be punished according to the law stipulation. Thus, any officer involved should act their best to strictly protect the personal data of the officers. 

Penalty for the offender
 

Criminal sentences

Civil Penalties

Administrative Penalties

- The maximum Imprisonment not exceed one year 
- The maximum fine not exceed one million THB
- Compensate for actual damages including the punitive compensation up to twice of the actual damages - The maximum fine not exceed five million THB