Suntory

EN TH

Follow

Follow

EN TH

POLICY

Our Privacy Policy has been set out to be in line with PDPA and other related laws. This privacy policy describes how, what and why SPBT collects, uses, discloses or processes the personal data, the business partners’ rights relating to personal data, how long SPBT retain the personal data, what steps SPBT will take to make sure the personal data stays private and secure, who SPBT disclose your personal data to, and how to contact SPBT.

Privacy Policy


We, Suntory PepsiCo Beverage (Thailand) ("SPBT"), care about your privacy and are committed to respect them to the best of our ability. This Privacy Policy describes how, we collect, use, disclose or process your personal identifiable information ("Personal Data"),

This Privacy Policy is in line with all laws, regulations and other legal requirements, including but not limited to, the Thailand's Personal Data Protection Act B.E. 2562 ("PDPA") and the sub-regulations which are relevant to the collection, use and/or disclosure of Data (as amended and/or changed from time to time) (hereinafter referred to as "Personal Data Protection Law"). We will notify you if there are any changes to our purpose of processing your Data to ensure compliance with the Personal Data Protection Law.

Please note that some of the links on our platform may lead to third party's platforms, and if you access these platforms, your Personal Data will then be processed under the third party's policies. Make sure that you have read and are satisfied with those privacy policies when accessing such platforms.

"Process" or "processing" means any operation or set of operations which is performed on Personal Data, including the collection, use, or disclosure of the Data.

"Sensitive Personal Data" means a special category of Personal Data under the Personal Data Protection Law consisting of racial or ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behaviour, criminal records, health data or disability condition, trade union information, genetic data and biometric data or of any data which may affect the data subject in the same manner, as prescribed by the Personal Data Protection Committee.

1. What Personal Data we collect
We may process the following types of Personal Data, received directly from you, or indirectly from other sources (such as our candidates, employees, distributors, customers, consumers, suppliers, service providers, other business partners, third parties (e.g., hospitals, the Royal Thai Police, other government agencies) or publicly available sources). The type of Personal Data collected will depend on the communication and interaction between you and us, including but not limited to:

  1. Personal details, such as title, full name, gender, age, nationality, date of birth, blood type, signature, information on government-issued cards (such as national identification card, passport), marital status, photographs, video, and voice records;
  2. Contact details, such as postal address, email address, telephone number, other social media contact details;
  3. Social media and consumer behavior details, such as information about you and your behavior when you interact with any media about our products and/or services via various social media networks, such as when you "Like" us on Facebook, follow us, send us a message or share our content on Facebook;
  4. Financial details, such as financial status and other financial related information;
  5. Transaction details, such as payment date and time, purchased items and payment amount, transaction status and history;
  6. Computer system, device and equipment details, such as IP Address, audit log, operating system, network information of the mobile, computer traffic information, and/or information of the use of service on website and application;
  7. Personal Data from CCTV such as images, video or audio recordings captured within the Company's premises and/or properties, including Personal Data relating to the use of such areas.
  8. Other Sensitive Personal Data related to the filing of or providing evidence for consumer complaints and speak up reports;
  9. Sensitive Personal Data, such as Sensitive Personal Data from national identification card (such as religion), criminal records, health data, medical certificates, disability and biometric data.

Please note that if you do not provide your Personal Data, the Company may not be able to provide you with the requested products or services or fulfill its obligations to you or comply with applicable legal obligations.

If you have provided Data of any third party to us, please provide this Privacy Policy for their acknowledgement and/or obtaining consent where consent is required when no other legal basis can be relied on.

We may occasionally collect the Personal Data of minors, quasi-incompetent persons and incompetent persons. If you are a minor, quasi-incompetent or incompetent person wishing to engage in a relationship with us, you must obtain consent from your parent or guardian prior to contacting us or giving us your Personal Data when the consent is required by law. In the event we learn that we have unintentionally collected Personal Data from anyone under the age of 20 without parental consent when it is required, or from quasi-incompetent and/or incompetent persons without consent from their legal guardians when it is required by law, we will delete it immediately or collect, use and/or disclose it only if we can rely on other legal bases apart from consent.

2. How we collect and use your Personal Data
We only collect and use your general Personal Data and/or Sensitive Personal Data where it is necessary or there is a lawful basis for collecting and using it. These reasons include:

For general Personal Data, the Company will process such Personal Data based on the following legal basis:

  1. To prepare historical documents or archives for the public interest, or in relation to research or statistics;
  2. Believing that the use of your general Personal Data is of vital interest or to prevent or avoid danger to a person's life, body or health;
  3. Believing that the use of your general Personal Data is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;
  4. Believing that the use of your general Personal Data is necessary for the performance of our task carried out in the public interest or in the exercise of official authority vested in us;
  5. Believing that the use of your general Personal Data is necessary for the legitimate interests pursued by us or by a third party (e.g. ensuring security and business continuity, providing high standard services, improving our products and services and undertaking product development), unless the interests are overridden by your interests or fundamental rights and freedoms;
  6. Believing that the use of your general Personal Data is necessary for compliance with a legal obligation to which we are subject.

For Sensitive Personal Data, the Company will process such personal data on the following legal bases:

  1. Believing that the processing of your sensitive personal data is necessary to prevent or suppress a danger to a person's life, body, or health where the data subject is incapable of giving consent.
  2. Believing that the processing of sensitive personal data is necessary for the establishment, compliance, exercise, or defense of legal claims.
  3. Believing that the processing of sensitive personal data relates to data which has been manifestly made public by the data subject with explicit consent.
  4. Believing that the processing of sensitive personal data is necessary for compliance with the law to achieve purposes relating to preventive medicine or occupational medicine, public health, labor protection, social security, scientific, historical, or statistical research, or other important public interests.

Apart from the mentioned lawful basis, we may process your general Personal Data and/or Sensitive Personal Data on the ground of consent. If we need to ask for your consent, we will make it clear what we are asking for and ask you to confirm your choice to give us that consent. If we cannot provide a service or product without your consent to process your general Personal Data and Sensitive Personal Data, we will make this clear when we ask for your consent.

In general, the reasons for processing your Personal Data are as follows:

2.1. Our contract with you
We will process your general Personal Data in accordance with the agreement between you and us, which may include the following reasons:

  1. Executing an agreement for business operation of the company including but not limited to a supply agreement, a distribution agreement, a lease agreement, an employment agreement, a sale and purchase agreement, a service agreement, a purchase order, a non-disclosure agreement, a letter of intent, a memorandum of understanding, a letter of indemnity, and etc.;
  2. Exercising rights or performing obligations under an agreement including but not limited to a supply agreement, a distribution agreement, lease agreement, an employment agreement, a sale and purchase agreement, a service agreement, a purchase order, a non-disclosure agreement, a letter of intent, a memorandum of understanding, a letter of indemnity, and etc.;
  3. Receiving orders, delivering our products and/or services, ensuring consumers' and customers' satisfaction of our products and services, responding to consumer's enquiries regarding the products and services as well as providing business support to our business partners including distributors for resale of our products to secondary customers and end consumers through any channels including online, offline, telesales, etc.; and
  4. Participating in activities reorganize by, co-organized by, or on behalf of us for promoting our products, consumer or customer promotion, consumer research, sales activation, brands building, events organized by our affiliates, appointed third party and/or others with our sponsorship e.g. lucky draw activity, Pepsi Fanclub activity, Pepsi Promotion activity, running activity, Gatorade 5v5.

2.2. Our legitimate interests
We rely on the legitimate interests basis by balancing the nature of your general Personal Data that we process with the normal reasonable expectations and provide safeguards to reduce any negative impacts on your fundamental rights and freedoms. This may include processing your general Personal Data to:

  1. Process the recruitment and provide job offers to candidates;
  2. Approach for vendor selection process, third party due diligence process, and procure supply and/or services;
  3. Receive complaints, proceed for investigate claims, connect to report the results of claims, compensation or complimentary distribution, report for internal use and make public communications;
  4. Ensure security and safety of persons and properties in our responsibility;
  5. Engage and communicate business transactions, engage in marketing and selling our products, promotions, campaign, activities, events, lucky draw and activations as well as provide business support to our business partners including distributors, agencies including report for internal use and make public communications;
  6. Monitor sales performance, market analysis, production plan, sale and marketing strategy and planning as well as seeking for new route to market or distribution channels, conduct market research, consumer's behaviour analysis, report for internal use and do telesales;
  7. Process training to our business partners, distributors, and others;
  8. Conduct vendor selection, bidding, and third party due diligence (TPDD);
  9. Connect to third party and competent authorities for tax and privilege purpose from sales, marketing and consumers activities including business operations activities provide the equipment support as well as the maintenance service to the equipment including provide the products knowledge;
  10. Investigate suspected misconduct activities reported by or against you or third party via Speak-Up including investigation of witness to the misconduct activities;
  11. Establish, comply, exercise or defend legal claims against you including initiate litigation action.

2.3. Our legal obligation
We are regulated by many laws and regulations, and to fulfil our legal requirements, it is necessary to collect and process your general Personal Data and/or Sensitive Personal Data for the purposes of compliance with laws and regulatory obligations e.g. Labour Protection Act, B.E. 2541, Social Security Act, B.E. 2533, Workmen's Compensation Act, B.E. 2537, Consumer Protection Act, B.E. 2522, Liability for Damage Arising from Unsafe Products, B.E. 2551, Revenue Code, Anti-Money Laundering Act, B.E. 2542 and etc.

2.4. Our legal claims
We may rely on the legal claims basis to process your Sensitive Personal Data to establish, comply, exercise or defend legal claims against you or initiate litigation action to protect our interests.

2.5. Consent
Normally, we will not process your general Personal Data and Sensitive Personal Data if we do not have any legal basis to do so. However, in some cases we will ask your consent to collect, use, disclose or process your general Personal Data and Sensitive Personal Data. This may include certain processing of your general Personal Data and Sensitive Personal Data under the following circumstances, for which we cannot rely on other legal bases:

  1. We intend to collect, use, disclose, transfer or process your general Personal Data or Sensitive Personal Data for our business operation, product improvement and marketing activities;
  2. We intend to collect, use, disclose, transfer or process your general Personal Data or Sensitive Personal Data received transfer from others for our business operation, product improvement and marketing activities;
  3. We intend to transfer your general Personal Data or Sensitive Personal Data overseas and the destination country has lesser data privacy standards; and
  4. When the data subject is classified as a minor, quasi-incompetent or incompetent of which the consent will be requested from their legal representatives, guardians or curators, as the case may be.

We will send you relevant marketing information including details of products provided by us, our affiliates, or business partners which we believe you will be interested in, by mail, phone, email, text and other forms of communication. If you change your mind about how you would like us to contact you or you no longer wish to receive this information, you can tell us anytime by following our withdrawal process. Withdrawal of consent shall not affect the collection, use, or disclosure of personal data that you have already validly provided. Your withdrawal of consent may affect certain processing activities that rely on your consent, and you may not be able to receive certain products or services from the Company that require your consent.

Failure to provide certain Personal Data to us may result in us not being able to perform certain activities described in this Privacy Policy, to provide our products and services to you, or to perform our legal obligation.

3. Informing you of our collection of all your Personal Data
Sometimes it is not necessary for us to inform you about Personal Data collection for purposes different from those previously notified to you, such as when:

  1. You are aware of such new purposes or details and we have obtained your prior consent before collecting, using, or disclosing your Personal Data where required;
  2. We are permitted to do so under applicable data protection laws or other relevant laws.

Where we collect your Personal Data from sources other than directly from you, we may rely on exemptions from the obligation to inform you of the purposes and details of such collection in the following circumstances:

  1. You are already aware of such purposes or details;
  2. We believe that notice of such new purposes or the details of Personal Data are impossible or will obstruct the use or disclosure of your Personal Data, in particular for scientific, historical, or statistical research purposes, where we will take suitable measures to protect your rights, freedoms and interests;
  3. It is urgent to use or disclose your Personal Data as required by law and we will implement suitable measures to protect your interest; or
  4. We are aware of or acquire your Personal Data from our duty, occupation or profession, and we will maintain new purposes or certain Personal Data details with confidentiality as required by law.

4. Your rights
The Personal Data Protection Law aims to give you more control of your Personal Data. You have legal rights concerning your Personal Data. You may exercise such rights in accordance with the conditions prescribed by law and the procedures for exercising rights established by the Company. These rights include:

    4.1 Right to access Personal Data
    You have a right to get access and obtain a copy of your Personal Data that we hold about you, or you may ask us to disclose the sources of where we obtained your Personal Data that you have not given consent.

    4.2 Right to Personal Data portability
    In certain cases, you have the right to request a copy of your Personal Data, provided that the Company has made such Personal Data available in a format that is generally readable or usable by means of automated tools or devices. You also have the right to request that such Personal Data be transmitted or transferred to another data controller in the aforementioned format where technically feasible, as well as the right to receive Personal Data that has been transmitted or transferred directly to another data controller, unless it is technically not feasible to do so.

    4.3 Right to object to the processing of your Personal Data
    You have the right to object to the collection, use or disclosure of your Personal Data for the purposes of our legitimate interests (or those of another person). You also have the right to object to the use of your Personal Data for direct marketing. However, we may refuse to comply with your request if we can demonstrate compelling legitimate grounds for the collection, use, or disclosure that override your interests, rights, and freedoms; or if such collection, use, or disclosure is necessary for the establishment, exercise or defense of legal claims, or for compliance with legal obligations.

    4.4 Right to erasure your Personal Data
    You have a right to request us to delete, destroy or anonymize your Personal Data in the following circumstances where:
    1. The Personal Data is no longer necessary for the purpose of which it was collected, used or disclosed;
    2. You have withdrawn your consent to which the collection, used or disclosure is based on and we do not have legal grounds to collect, use or disclose the Personal Data;
    3. You have objected to the collection, use or disclosure of the Personal Data and we do not have legal grounds to reject such request; and/or
    4. When the Personal Data has been unlawfully collected, used or disclosed under the Personal Data Protection Law.


    4.5 Right to restrict the processing of your Personal Data
    You have a right to request us to restrict the processing of your Personal Data in the following circumstances when:

    1. It is under the pending examination process of checking whether the Personal Data is accurate, up-to-date, complete and not misleading or not;
    2. It is the Personal Data that should be deleted or destroyed as it does not comply with the law and you request to restrict it instead;
    3. The Personal Data is no longer necessary to retain for the purpose of which it was collected, used or disclosed, but you still have the necessity to request the retention for the purposes of the establishment, compliance, exercise of legal claims or the defense of legal claims;
    4. We are pending verification in order to reject the objection request to the collection, used or disclosure of Personal Data.


    4.6 Right to rectification
    You have a right to rectify inaccurate Personal Data in order to make it accurate, up-to-date, complete and not misleading. If we reject your request, we will record such rejection with reasons.

    4.7 Right to lodge a complaint
    You will have the right to make a complaint to the competent authority in the case of where we, our data processors including our employees or contractors do not comply with the Personal Data Protection Law or other announcements of the Personal Data Protection Law.

    4.8 Right to withdraw consent
    You may withdraw your consent at any time, unless we have lawful basis to deny your request.

5. Retention period of Personal Data
We retain your Personal Data for as long as it is reasonably necessary to fulfil the purpose for which we obtained it, and to comply with our contractual, legal and regulatory obligations, to enable us to safeguard our legitimate rights such asserting claims in courts or for statistical or historical purposes.

The period we keep your Personal Data is often linked to the prescription period and law enforcement period under the laws, which in many cases is up to 10 years. We will keep your Personal Data after this time if we must do so to comply with the legal obligation, or if some existing claims or complaints will reasonably require us to keep your Personal Data, or for regulatory or technical reasons. If we do need to keep your Personal Data for a longer period, we will continue to protect that Personal Data.

We may need to retain images and video clips from CCTV surveillance systems installed for security and safety of persons within our premises for 45 days.

6. Security
We use a range of appropriate physical, technical and organizational measures to keep your Personal Data safe and secure which may include encryption and other forms of security. We require our staff and any third parties to comply with appropriate privacy standards including obligations to protect any Personal Data and applying appropriate measures for the use and transfer of Personal Data.

We certify that all collected Personal Data will be stored safely and securely with strict and adequate security standards and in compliance with the Personal Data Protection Law.

We have implemented measures on controlling access and use of devices for storing and processing Data which are secured and suitable for our collection, use and disclosure of Data. We also have measures on restricting access to Data and the use of storage and processing equipment by imposing users' access rights, users' permission rights to the authorized personnel, and users' duties and responsibilities to prevent unauthorized access, disclosure, perception or unlawful duplication of Data, or theft of device used to store and process Data.

7. How we share your Personal Data
We may disclose or transfer your Personal Data to our affiliates to comply with our legal obligations, to prevent fraud and/or to secure our tools, to improve our products and/or services or for the marketing purpose.

We may disclose or transfer your Personal Data to the third parties who collect, use and disclose Personal Data in accordance with the purpose under this Privacy Policy. You can visit their privacy policies to learn more details on how they collect, use and disclose your Personal Data as you are also subject to their privacy policies separately.

We may provide your Personal Data to the following parties on a need-to-know basis in certain circumstances:

  1. Business partners, including (i) our group or affiliated companies and (ii) other persons or entities that we have an agreement with.
  2. Suppliers, agents and other external auditors, system located overseas where the disclosure of such Personal Data has a specific purpose and legal basis, as well as appropriate security measures.
  3. Third parties providing services to us, such as market analysis and subcontractors acting on our behalf.
  4. Social media companies (in a secure format) or other third-party advertisers so they can display relevant messages to you and others on our behalf about our products. Third-party advertisers may also use Data about your previous web activity to tailor adverts what are displayed to you.
  5. Requirement for a proposed sale, reorganization, transfer, financial arrangement, asset disposal or other transaction relating to our business and/or assets held by our business.
  6. Requirement under the laws and other relevant regulations, court order or other authorities. This includes any law enforcement agency, court, regulator, government authority or other third parties where we believe it is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals' personal safety, or to detect, prevent, or otherwise address fraud, security, or safety issues.

8. International disclosure or transfer of Personal Data
We may disclose or transfer data subjects' collected Personal Data to group companies, third parties (such as, business partners, suppliers or service providers), or servers located in countries outside Thailand whose data protection laws may not be the same or as extensive as those in Thailand.

We will only disclose or transfer the collected Personal Data to a country which the Personal Data Protection Committee considers to have adequate data protection standards, or where it is necessary to transfer Personal Data to a country with data protection standards not equivalent to those in Thailand, we will provide appropriate safeguards to protect the data subjects' interest and the disclosure or transfer will take place if one of the exceptions defined by the Personal Data Protection Law is met. The exceptions are:

  1. The transfer is necessary for compliance with the laws;
  2. The data subjects have explicitly consented to the proposed transfer after having been informed of the inadequate personal data protection standards of the destination country or international organization receiving personal data;
  3. The transfer is necessary for the performance of a contract with the data subjects as a party to the contract or the implementation of pre-contractual measures taken at the data subjects' request;
  4. The transfer is necessary for the performance of a contract in the data subjects' interest between us and another natural or legal person;
  5. The transfer is necessary to protect the data subjects' vital interests or those of other persons, where the data subject is incapable of giving consent; or
  6. The transfer is necessary for important reasons of public interest.

9. How to contact us
If you have any comments, suggestions, questions or want to make a complaint or exercise your rights regarding your Personal Data, please contact us at No.88 The PARQ Building, 15th floor, Ratchadaphisek Road, Khlong Toei, Khong Toei Bangkok 10110 Tel: (+66) 2610 2500 or visit our website at https://www.suntorypepsico.co.th/en/corporate/privacy-policy or contact our data protection officer at dpo@suntorypepsico.com .

10. Changes to this Privacy Policy
We reserve the right to change, amend or update the privacy policy at any time as we deem appropriate by notifying you of the said change, amendment or update. We will notify the changes on our website https://www.suntorypepsico.co.th/en/corporate/privacy-policy in which you can check at any time.

To continue doing business with our business partners and maintain our business relationship, SPBT shall continue to collect and use business partners Personal Data which SPBT currently hold about our business partners and/or their employees, personals, or contractors. These Personal Data will only be used for SPBT original purposes before the effectiveness of the Personal Data Protection Law.

See More Close

SUNTORY GROUP CODE OF BUSINESS ETHICS
 Download
Supplier Guidelines
 Download
Suntory PepsiCo Anti-Bribery
 Download
SUNTORY GROUP SUSTAINABILITY
 Download
SUNTORY GROUP HUMAN RIGHTS
 Download

Corporate

Brands

People

News

Sustainability

Contact

Follow

COPYRIGHT 2022, SUNTORY PEPSICO BEVERAGE (THAILAND) CO., LTD.