TH
  1. Home
  2. Privacy Policy for business partners, customers, manufacturers and vendors

Privacy Policy for business partners, customers, manufacturers and vendors

DEMCO respects the privacy rights of business partners, customers, manufacturers, and sellers (hereinafter referred to as "Contractual participant") and, to ensure that Contractual participant personal data is protected, DEMCO has issued this policy as an extension of the "DEMCO Group Personal Data Protection Policy". This policy aims to inform Contractual participant about the details related to the collection, usage, and disclosure (collectively referred to as "processing") of Contractual participant’s personal data in various formats, including computer data, document data, or any other data, as prescribed by personal information protection laws.

  1. Definition
    Business Partners, Manufacturers, Sellers: Referring to collectively to goods sellers, contractors, and/or service providers to DEMCO, both legal entities and individuals, including agencies of goods sellers, contractors, and/or service providers mentioned above.
    Customers: Referring to individuals or legal entities that engage in transactions with DEMCO.

    Beyond those defined above, the definitions shall follow those specified in DEMCO Group Personal Data Protection Policy.

  2. Purposes of Personal Data Processing
    1. For the benefit of performing contract-related processes, making offers, and negotiating to enter contracts, including processes related to auctions, records to confirm business partner identities, or to register, select partners, compare prices, etc.
    2. For the benefit of fulfilling contractual obligations or performing under contracts, especially processing Contractual participant’s personal data for procurement, contracting, acceptance inspections, payment for goods and services, relationship management, and checking and evaluating works performed according to agreements in purchase orders, contracts, or other documents related to the procurement process, including managing relationships with Contractual participant, such as lease agreements, constructional contracts (project work), etc.
    3. For the benefit of DEMCO under legal compliance, such as internal management, organizational management, research and analysis for working and service procedure development and improvement which includes website administration, system maintenance, and detecting and preventing fraud, misconduct, or other crimes.
    4. For the benefit of improving DEMCO's services, such as conducting questionnaires to assess Contractual participant’s satisfaction.
    5. For the benefit of DEMCO under legal compliance related to various security aspects, including implementing security measures, such as access control to DEMCO's premises, logging into systems, accessing websites, or applications.
    6. For the benefit of preventing and mitigating risks to life, body, or health of Contractual participants or others, such as emergency case communications, control, and prevention of infectious diseases.
    7. For DEMCO to perform various legal duties, comply with legal enactments, regulations, and orders of authorized persons under the laws.

    The collection, usage, and disclosure of Contractual participant’s personal data for the topics 2.1, 2.2, 2.3, 2.5, 2.6, and 2.7 can be carried out by DEMCO without Contractual participant’s consent as required by law. For the other topic that requires consent, Contractual participants can study the details concerning consent as referred in section 4.

  3. Collected Personal Data
    1. DEMCO shall collect Contractual participant’s personal data for contact purposes, entering into contracts, or performing contracts between Contractual participants and DEMCO, or for any services provided by Contractual participants to DEMCO Group, such as:
      • Name card information: name-surname, job position, phone number, email.
      • Identification information: name-surname, ID card number with details, photos, and other information used for identification.
      • Work-related information: work history, work performance, employment information, information for safety management, occupational health, and environmental condition in Contractual participant’s workplace, including accounting and financial information such as compensation, bank account number.
      • Financial information: Such as bank account number, income information, payment history, etc.
    2. If Contractual participants visit DEMCO's website, DEMCO shall collect the following information:
      • Registration information: name, surname, email, mobile number and password.
      • Information about the electronic devices Contractual participants use, such as IP addresses or other device identifiers.
      • Browser type and version, including plugin type and version of the browser.
      • Time zone settings.
      • * MAC address and location data (for DEMCO's Free Wi-Fi service users only).

      DEMCO will use this information in anonymous form that does not identify individuals and will not use it to identify Contractual participants’ Wi-Fi service usage. The data shall not link with other data that DEMCO holds. The purpose of collecting and processing such information is for the legitimate interests of DEMCO in improving and developing DEMCO's services and operations as stated in topic 2.4, including for system maintenance and security of the computer system as stated in topic 2.5.

      - DEMCO has set the policy regarding the use of Cookies, which are declared on DEMCO's website.

    3. When Contractual participant enters DEMCO's premises, DEMCO may collect images/data captured by CCTV cameras. This information may identify the Contractual participant. However, DEMCO does not collect audio data through the CCTV cameras.
    4. DEMCO may need to collect and process special categories of personal data as required by data protection laws for purposes stated in section 2. In some cases, DEMCO may collect the special categories of personal data although the product or the service is not directly related to those special categories. For example, DEMCO may need to use a copy of Contractual participant’s ID card, which contains information about your religion, for contract-related purposes or to comply with tax regulations.
    5. DEMCO may process special categories of personal data if it is necessary but under Contractual participant’s explicit consent for other purposes as required by law(s). DEMCO will implement appropriate security measures to safeguard such special categories of personal data.
  4. Consent and Possible Consequential Effects of Withdrawing Consent
    1. In cases when DEMCO collects, processes, and analyzes personal data beyond the purposes outlined in sections 2.1, 2.2, 2.3, 2.5, 2.6, and 2.7, DEMCO will seek Contractual participant’s consent. Contractual participant has the right to withdraw his/her consent at any time. However, withdrawing consent will not affect the collection, use, disclosure, or processing of personal data that Contractual participant had previously consented to.
    2. If Contractual participant withdraws his/her consent or refuse to provide certain information, it may result in DEMCO being unable to carry out some or all the purposes specified in this privacy policy.
  5. Duration of Personal Data Retention:
    1. DEMCO will retain Contractual participant’s personal data for the necessary duration to achieve the purposes for each type of personal data, unless the law permits a longer retention period. In cases where a clear retention period cannot be specified, DEMCO will retain the data for a period that is reasonably necessary based on standard data collection practices (e.g., a maximum of 10 years in accordance with general legal requirement).
    2. DEMCO has implemented a system for regular checks to delete or destroy personal data once the retention period expires or when it is no longer relevant or necessary for the purposes of data collection.
    3. In cases where DEMCO processes Contractual participant’s data with his/her consent, the processing will continue until the Contractual participant requests the withdrawal of consent and DEMCO has completed the Contractual participant’s request. However, DEMCO will retain the Contractual participant personal data acc. to the extent of necessity as the record that the Contractual participant had previously withdrawn consent, enabling DEMCO to respond to any future requests from the Contractual participant.
    4. Regarding personal data collected through closed-circuit television cameras:
      • Under normal circumstances, personal data may be retained for 30 days.
      • In exceptional cases, such as when required for investigation, inquiry, legal proceedings, or at Contractual participant’s request, personal data may be retained for a longer period. DEMCO will securely delete such data when the purpose is fulfilled.
  6. Disclosure of Personal Data to Third Parties
    1. DEMCO may disclose, transfer, or share Contractual participant’s personal data with other companies of DEMCO business group for purposes specified in sections 2.1, 2.2, 2.3, 2.5, 2.6, and 2.7, without requiring additional consent. For other purposes, DEMCO will seek your consent as detailed in section 4.
    2. DEMCO may disclose, transfer, or share Contractual participant’s personal information with individuals and/or legal entities other than those of the companies of DEMCO business group ("Other Parties") for the purposes outlined in Sections 2.1, 2.2, 2.3, 2.5, 2.6, and 2.7 without requiring Contractual participant’s consent as mandated by law. This may include service providers for transactions and financial services (such as banks), technology service providers (such as cloud systems, block chain systems, SMS delivery services, and data analytics services), auditors, insurance companies, consultants, government agencies (such as the Revenue Department, the Anti-Money Laundering Office), and other individuals necessary for the Company to conduct businesses and provide services to Contractual participants. However, DEMCO will seek Contractual participant’s consent for disclosure, transfer, or sharing for purposes which are not legally mandated, as specified in Section 2, related to the collection and processing of personal data.
    3. In case of disclosing information as per sections 6.1 or 6.2, the recipient of the data is considered as a data processor. DEMCO will establish contracts and compliance instructions as required by laws.
    4. DEMCO will ensure that data recipients having the appropriate data protection measures and process the personal data only to the extent necessary, taking steps to prevent unauthorized access, use, or disclosure.
  7. Transfer of Personal Data Abroad
    1. DEMCO may transfer Contractual participant’s personal data to its affiliated companies or other entities abroad when necessary for contractual obligations involving Contractual participant, in the performance of pre-contractual measures at Contractual participant’s request, for compliance with legal obligations, to protect vital interests, for the performance of tasks carried out in the public interest, or for the exercise of official authority.
    2. DEMCO may store your data on servers or clouds provided by third parties and may use third-party programs or applications or platforms. However, DEMCO will not allow unrelated parties to access Contractual participant’s personal data and will ensure that the appropriate security measures are in place.
    3. When transferring data abroad, DEMCO will perform complying with legal conditions, using suitable measures to ensure that Contractual participant’s personal data is adequately protected and that Contractual participant can exercise relevant rights under the law. DEMCO will also require that recipients of personal data must take appropriate measures to protect Contractual participant’s personal data and process such personal data only to the extent necessary and take steps to prevent unauthorized use or disclosure of personal data by others.
  8. Security Measures for Personal Data
    1. Contractual participant’s personal data security is the utmost importance to DEMCO. DEMCO has implemented technical, managerial, and physical security standards to protect personal data from loss, unauthorized access, misuse, alteration, and destruction. This is achieved through technologies and security measures such as encryption and access restrictions. This ensures that only authorized individuals have access to Contractual participant’s personal data, and these individuals undergo training on the importance of personal data protection.
    2. DEMCO has established appropriate security measures to prevent loss, unauthorized access, misuse, alteration, disclosure by unauthorized person. Regular reviews of these measures are conducted, especially when there is a need or when technological changes occur, to ensure effective securities.
  9. Contractual participant’s rights regarding his/her Personal Data
    1. In accordance with data protection laws, each Contractual participant has the following rights:
      • Withdraw consent provided to DEMCO for processing Contractual participant’s personal data.
      • Request to access and/or copy of Contractual participant’s personal data or to disclose about the source of Contractual participant’s personal data.
      • Transfer Contractual participant’s electronic personal data to another data controller as provided by data protection laws.
      • Object to the collection, usage, or disclosure of Contractual participant’s personal data.
      • Delete or anonymize Contractual participant’s personal data.
      • Suspend the use of Contractual participant’s personal data.
      • Correct Contractual participant’s personal data to ensure about accuracy, completeness, and up to date.
      • Lodge a complaint to the Personal Data Protection Committee if DEMCO violates data protection laws.

      By the way, DEMCO will consider and respond to Contractual participant’s rights request promptly within 30 days of receiving the request. These rights are subject to the provisions of data protection laws.

    2. To exercise Contractual participant’s rights under the laws, click here (effective from June 1, 2022, when data protection laws come into effect for data controllers).
  10. Information about Data Controller and Data Protection Officers
    1. Data Controller: DEMCO Public Company Limited
    2. Contact Address: 59 Moo 1, Suan Phrik Thai, Mueang Pathum Thani, Pathum Thani, 12000
    3. For inquiries regarding data protection:

If there are any modifications or updates to this privacy policy, DEMCO will announce the revised version on its website. It is recommended to periodically check for changes. The new policy will take effect immediately upon publication.