Movefast Public Company Limited and its subsidiaries place importance on personal data and the protection of personal data of customers, business partners and employees as data subjects. The Company shall treat personal data correctly and in accordance with the Personal Data Protection Act B.E. 2562. The Company shall collect, use and/or disclose personal data (collectively referred to as “processing”) as necessary for the purposes for which it has stated. In the collection of personal data, the Company shall request for consent prior to or during the collection of the personal data unless there are exceptions where it does not require consent, in which case it will act as prescribed by the law. Personal data that the Company will process includes, for example, personal data related to the sale and purchase of various goods/products and services with the Company, the entry into sale and purchase contracts, service contracts and/or procurement contracts, human resources matters, management of rights and duties of shareholders, participation in activities with the Company, communication with the Company through various channels (such as visiting the website and correspondence through social media), etc. Therefore, the Company has issued this policy with the following details:

1. Purpose for Processing Personal Data

1.1 For sales of various goods/products and services and the carrying out of other activities related to goods/products, such as the performance of duties under the sale and purchase contract, service contract and/or any other contract, etc.

Personal data processed by the Company, such as

  • Personal data such as name-surname, national identification number, etc.
  • Contact information such as telephone number, email address, shipping address, invoice address, etc.
  • Financial information such as bank account information, credit card information, etc.

1.2 To publicize the Company's marketing activities, such as notification of news and privileges, sending messages for various marketing activities, etc.

Personal data processed by the Company, such as

  • Personal data such as name-surname, national identification number, etc.
  • Contact information such as telephone number, email address, current address, social media contact information, etc.

1.3 For use in procurement-related processes, such as the entry into procurement contract, service contract or any other contract related to the Company's procurement process, etc.

Personal data processed by the Company, such as

  • Personal data such as name-surname, national identification number, etc.
  • Contact information such as telephone number, email address, shipping address, invoice address, etc.
  • Financial information such as bank account information, financial record, etc.

1.4 For use in processes related to human resources matters, such as recruitment and retention of employees, human resources development, talent development, disciplinary action and penalties, payroll and welfare, employee information system and performance appraisal system, etc.

Personal data processed by the Company, such as

  • Personal data such as name-surname, nickname, age, gender, nationality, date of birth, face photograph, marital status, military status, educational background, national identification number, house registration, information in passport, driver's license and professional license, etc.
  • Sensitive data such as religion, fingerprint, health data, criminal record, etc.
  • Contact information such as telephone number, email address, information of emergency contact person, etc.
  • Financial information such as bank account information, etc.

1.5 For the management of shareholders registration and other operations related to shareholders and other actions under the law on public limited companies or the law on securities and exchange.

Personal data processed by the Company, such as

  • Personal data such as name-surname, national identification number, etc.
  • Contact information such as telephone number, email address, address for sending documents, etc.

1.6 For inspection and maintenance of peace and order and to prevent or suppress any incidents that may endanger the life, body or health and property of a person or the Company, including the access control system of its buildings and factories.

Personal data processed by the Company, such as

  • Personal data such as name-surname, national identification number, vehicle registration number, information in driver’s license, etc.
  • Contact information such as telephone number, etc.
  • Recording of still images, sounds and motion pictures, etc.

1.7 Any other purposes for which the Company will notify and obtain consent for data processing unless there is a legal exception where such consent is not required.

2. Disclosure of Personal Data to Other Parties

The Company may disclose personal data to companies under Premier Group of Companies, its business allies, various service providers who provide services to the Company or related companies (both in Thailand and overseas), including government agencies, regulatory agencies or other agencies as required by law. In the disclosure of personal data to other parties, the Company shall proceed only for the purposes specified or other purposes permitted by law. The Company shall supervise that the data so disclosed is kept confidential and used for the stated purposes only. In the event that consent is required by law, the Company shall ask for consent first.

3. Processing of Personal Data by Personal Processors

The Company may assign a person or entity (personal data processor) to process personal data on its behalf of or in the name of the Company. In entrusting the processing of personal data as a personal data processor or so acting as a processor of personal data under various contracts, the Company shall have in place an agreement specifying its duties as a personal data controller and those of the personal data processor. The personal data processor is obliged to process personal data only in accordance with the instructions of the Company and must also comply with the Personal Data Protection Act B.E. 2562 in respect to the duties of the personal data processor.

4. Request for Consent to Process Personal Data

4.1 Where the law requires that consent must first be obtained before processing personal data, the Company shall expressly request for consent before processing personal data.

4.2 In the case of personal data of a minor, an incompetent person or a quasi-incompetent person, the Company shall proceed as required by law in relation to the processing of personal data of a minor, an incompetent person or a quasi-incompetent person, which includes seeking consent from those who have the authority to act on their behalf as prescribed by law.

4.3 In the event that consent is not required, the Company shall proceed according to the legal bases prescribed by law, which are as follows:

4.3.1 Legal bases in the case that the personal data is not sensitive data.

  • It is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such contract.
  • It is necessary for the legitimate interests of the Company or any other persons or juristic persons.
  • To prevent or suppress danger to a person's life, body or health.
  • To be in compliance with prescribed laws.
  • To achieve purposes associated with the public interest or for purposes relating to research or statistics.

4.3.2 In the case that the personal data is sensitive data.

  • To prevent or suppress danger to the life, body or health where consent cannot be given for any reason whatsoever.
  • It is information that is disclosed to the public with explicit consent.
  • It is necessary for the purpose of establishment, compliance or exercise of legal claims or defense of legal claims.
  • It is necessary for compliance with a law to achieve the purposes with respect to matters stipulated by law

4.4 In the event that the Company processes personal data for legal compliance or for the performance of a contract or to use in the processing of your request to enter into a contract, in which the Company requires to process personal data in order to achieve such purposes, failure to provide personal data to the Company for such purposes may have legal consequences or the Company may not be able to perform transactions or provide services according to the contract or may not be able to enter into the contract (as the case may be). In such event, it may be necessary for the Company to cancel the transaction or the provision of related services, whether in whole or in part, or refuse to enter into a contract.

5. Personal Data Retention Period

The Company shall retain the personal data for as long as is necessary for the Company's operations for which such personal data was received or for as long as required by law.

6. Storage and Use of Cookie Data (Browser’s Cookies)

The Company shall collect and use the Company's website browsing data from all visitors through cookies or similar technologies in order to learn how the data subjects interact with the contents of its website and to assist in continuous improvement of the user experience. The website will ask the browser to store the cookies in order to collect information about the use of the website in the computers or mobile devices. Cookies allow websites to "remember" your actions or preferred settings over time. Most internet browsers support the use of cookies.

7. Rights of the Data Subject

As the owner of personal data, the data subject has various rights related to personal data under the Personal Data Protection Act B.E. 2562, the details are as follows:

7.1 Right to withdraw consent

7.2 Right to access personal data

7.3 Right of rectification of personal data

7.4 Right to erasure of personal data

7.5 Right to data portability

7.6 Right to object to personal data processing

7.7 Right to restrict the use of personal data

7.8 Right to file a complaint in the event that the Company does not comply with the Personal Data Protection Act B.E. 2562. The data subjects have the right to file a complaint with the Office of the Personal Data Protection Committee as prescribed by law.

In this regard, should the data subject wish to exercise his/her right he/she can contact the Company through the channels detailed in Clause 10. When the Company has received and examined the request to exercise such rights, it will expeditiously fulfill the request within 30 days from the date it receives such request to exercise the rights. The request to exercise the rights under sections 7.1-7.7 may be limited under the personal data protection law and/or other applicable laws and there may be some cases where there is a necessity that the Company may reject or cannot comply with the request to exercise the above rights. The Company shall inform the data subject of the reason for the rejection, for example compliance with laws or pursuant to a court order, is in the public interest or such exercise of rights may infringe the rights or freedoms of others, etc.

8. Maintaining Security in the Retention of Personal Data

The Company places importance to the security of the personal data. Therefore, it has established and selected a personal data storage system with appropriate mechanisms and techniques and has measures to maintain the security of the personal data in accordance with the rules of the law.

In case of a personal data breach or information leak to the public, the Company shall notify of such incident to the Office of the Personal Data Protection Commission within 72 hours after having become aware of the incident to the extent possible unless such breach is unlikely to result in a risk to the rights and freedom of the data subject. In the event that the breach has a high risk of affecting the rights and freedom of the data subject, the Company shall notify the breach and the remedial measures.

The Company shall not take any responsibilities to third parties for any damage resulting from the use or disclosure of the personal data of the data subject by the data subject's own actions or any other persons who have obtained the consent of the data subject.

9. Review of the Policy

The Company shall review the policy at least once a year or in case of any changes in the law.

10. Contact Information

If you have queries or require additional information regarding the Personal Data Protection Policy, including request to exercise the rights according to this policy, please contact the Data Protection Officer at:

Movefast Public Company Limited

1745 Sriwara Road (Lat Phrao 94), Plubpla, Wangthonglang, Bangkok 10310

Telephone: +66 81-444-1053 E-mail: dpo@movefast.me

This policy shall be regarded as the Company's personal data protection principle for compliance in accordance with the Personal Data Protection Act B.E. 2562.