Privacy Notice for Business Partner - Canon Thailand

Version : 1
Effective Date : 24 February 2021

Business Partner Privacy Notice

Our Commitment to Privacy

Canon Marketing (Thailand) Company Limited ("we," "us," or "our") considers protection of personal data to be an important matter in our businesses. This Business Partner Privacy Notice ("Privacy Notice") describes how we collect, use, and disclose personal data of employees, personnel, authorized persons, directors, shareholders, and other contact persons ("you" or "your") of our business partners (e.g., business contacts of suppliers, vendors, service providers, dealers, outsource agencies, or contractors) (each a "Business Partner"), and tells you about data protection rights.

Your personal data is collected, used, and disclosed by us because we have an existing or potential business relationship with you or the Business Partner you work for, act for, or represent. For example, our Business Partner provides us products or services (e.g., logistics, marketing, or IT services), or otherwise communicates with us related to our business which you may be a part of

Please read this policy in its entirety and review this page periodically for any updates. For easy accessibility, this Statement will be made available on our website.

1. Scope: Personal Data We Collect

Personal data means any data about you which can directly or indirectly identify you (excluding data of the deceased persons). We collect the following types of personal data:

• Identity Data : such as, first name, last name, title, age, gender, date of birth, photos, information on CV, education, work-related information, (e.g., position, function, occupation, job title, company, and department or business unit you work for, employed at, or holds shares of), information on government-issued cards or official records, (e.g., national identification number, passport number), household registration, percentage of shares, signatures, and other identifiers.
• Contact Details : such as, telephone numbers, mobile phone numbers, postal address, email address, and other similar information.
• Financial Details : bank account number, bank passbook, bank guarantee, bank statement and other financial information.
• Other information collected, used, or disclosed in connection with the relationship between us and the Business Partner, such as, personal data and/or information you give us in contracts, forms, or surveys, credit rating and solvency, risk profile, information on declaration of suitability, car license plate number, driver's license and other vehicle details.
• Sensitive data : such as religion and race. 

If you provide personal data of the others to us, e.g. name and contact information of your colleagues or your emergency contact, please provide this Privacy Notice to them for their acknowledgement and/or obtaining consent, if required, from them, where applicable.  

2. Method: How We Collect Personal Data

We collect your personal data through various means, including via:

• Directly from you (for example, when you do business with us, including signing contracts, filling forms, submitting CVs and proposals; when you interact with us, including interactions via our website and online store, via e-mail, by phone, during meetings and events; or when we visit you);
• Publicly available sources where you allow such Personal Data to be shared publicly; and
• Our affiliates or third parties, such as our other business partners.

3. How We Use Your Personal Data

We collect, use, or disclose your personal data on the legal bases of contractual relationship; legal compliance; our legitimate interest; or any other bases as permitted by applicable laws, as the case may be, for the following purposes:

• Contractual relationship management : such as, planning, performing, and managing the contractual relationship with the Business Partner (e.g., by performing transactions and orders of products or services), processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, providing support services;
• Communication : such as, communicating and/or coordinating with the Business Partners about products, services, product training, and projects of ours or Business Partners, e.g., by responding to inquiries or requests, informing you of updates, events, invite you to the events, and managed related aspects of our relationship;
• Business Partner selection : such as, verifying your identity and Business Partner status, conducting due diligence or any other form of background checks or risk identification on you and the Business Partner (including screening against publicly available government law enforcement agency and/or official sanctions lists), evaluating suitability and qualifications of you and the Business Partner, issuance of request for quotations and bidding, execution of contracts with you or the Business Partner;  
• Business Partner data management : such as, maintaining and updating lists/directories of Business Partners (including your personal data), keeping contracts and associated documents in which you may be referred to;
• Business analysis and improvement, such as, conducting research, data analytics, assessments, surveys, and reports on our products, services, and your or the Business Partner's performance, development, and improvement of marketing strategies and products and services, informing you of news and publications which may be of interest, events, offering new products or services;
• IT systems and support, such as providing IT and helpdesk support, creating and maintaining vendor codes and profiles for you, managing your access to any systems to which we have granted you access, removing inactive accounts, implementing business controls to enable our business to operate and to enable us to identify and resolve issues in our IT systems, to keep our systems secure, performing IT systems development, implementation, operation, and maintenance;
• Security and system monitoring, such as authentication and access controls and logs where applicable, monitoring of system, devices and internet, ensuring IT security, investigation, prevention and solving crimes, as well as risk management and fraud prevention;
• Complying with reasonable business requirements, such as internal management, training, service quality, reporting, submissions or filings, data processing, control or risk management, statistical, trend analysis and planning or other related or similar activities, obtaining advice from our professional advisors, correspondence in relation to our relationship with you or administration and troubleshooting;
• Dispute handling, such as solving disputes, enforcing our contracts, establishing, exercising, or defense of legal claims, compliance with internal policies and applicable laws, regulations, directives, and regulatory guidelines, liaising and interacting with and responding to government authorities, courts, or tribunals; and
• Authentication and verification your identity.

If you fail to provide personal data which we need to collect based on the legal basis for entering into or performing the contract with you, you acknowledge and understand that we may not be able to fulfil the above listed purposes.

Where your consent is required for certain activities of our collection, use, or disclosure of your personal data, we will request and obtain your consent for such activities separately.

4. Sharing Your Personal Data

We may have to share your personal data with other parties for the purposes set out in section 3 above, such as, our affiliates within our group (e.g., Canon Singapore Pte. Ltd.), our other business partners, third party service providers engaged by us (e.g., banks, insurance companies, telecommunication service providers, IT service providers, payment service providers, research agencies, analytics service providers, survey agencies, auditors or financial advisories, marketing, advertising media, and communications agencies, payment, payment system, authentication service providers and agents, outsourced administrative service providers, data storage and cloud service providers etc.)   

In some cases, we may share your personal data to any government authority, law enforcement agency, court, regulator, or other third party where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individual’s personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.

5. Cross-border Transfers

We need to transfer your personal data outside Thailand to other countries which may have a higher or lower level of data protection standards than in Thailand, such as when we store your personal data on cloud platforms or servers located outside Thailand for IT system support.

When it is necessary to transfer your personal data to another country with a level of data protection standards lower than in Thailand, we will ensure an adequate degree of protection is afforded to the transferred personal data, or that the transfer is otherwise permitted in accordance with the applicable data protection law. We may, for example, obtain contractual assurances from any third party given access to the transferred personal data that such data will be protected by data protection standards which are equivalent to those required in Thailand.

If you wish to seek further information about how we protect your personal data when it is transferred outside Thailand, please contact us at the address in “How to Contact Us” section.

6. Data Retention

We retain your personal data for as long as is reasonably necessary to fulfil the purpose for which we obtained them and to comply with our legal and regulatory obligations.

We may have to retain your personal data for a longer duration, as required by applicable law.

7. Your Rights

The rights in this section are your legal rights, where you may request exercise of these rights under the conditions prescribed by law and our right management procedures. To exercise any of these rights in this section, you may contact us at the address in “How to Contact Us” section.

These rights are as follows:

• To request access, obtain a copy of your personal data, or for the disclosure of the acquisition of your personal data that is obtained without your consent;
• To have your personal data corrected, if it is inaccurate or not up to date, which will help us comply with our obligation to have up-to-date data about you;
• To have your personal data erased, destroyed, or anonymized;
• To request us to provide your personal data in a structured, commonly used and machine-readable format, and transmit it to another organization;
• To object to us or restrict us from collecting, using, or disclosing your personal data;
• To withdraw consent for collection, use, or disclosure of your personal data that is based on your consent at any time.

Your request for exercising any of the above rights may be limited by the applicable laws. There may be certain cases where we can reasonably and lawfully decline your request, for example, due to our legal obligation or court order. If we decline your request under this section, we will notify you of our reason. 

If you believe our collection, use, or disclosure of your personal data is in violation of the applicable data protection law, you have the right to lodge a complaint to the competent data protection authority, where applicable. We would appreciate the chance to deal with your concerns before you approach the authority, so please contact us in the first instance.

8. Rights to Amend Our Privacy Notices

We may amend this Privacy Notice, or any of other privacy notices, from time to time as our data protection practices change, due to various reasons such as technological changes or changes of the law.

The amendments to this Privacy Notice will be effective upon being sent via email to your contact persons, and/or published by us on our website. If such amendment substantially affects you as a data subject, we will give you reasonable prior notice in a suitable manner before such amendment is effective.  

9. How to Contact Us

If you have any questions about our practices and activities relating to your personal data, you can contact us per the details below. We will be happy to help with requests for information, suggestions, or complaints:

Canon Marketing (Thailand) Co., Ltd.

• No.98 Sathorn Square Office Tower, 22nd -24th floor, North Sathorn Road, Silom, Bangrak, Bangkok. 10500
• Head Office Tel. : 0-2344-9999
• Canon Call Center Tel.: 0-2344-9988
• Fax: 0-2344-9861
• Opening Hours : Monday to Friday, 8.15 am - 5.15 pm (Closed on public holidays)