Privacy Notice – Customers and Supplier

Privacy notice – customers and supplier

Lufthansa Services Thailand is committed to protecting the privacy and security of your personal data.

This privacy notice describes how we collect and use personal data about you during and after your
business relationship with us or during the use of our facilities, in accordance with the General Data
Protection Regulation (GDPR). When we collect personal data, we are obliged legally to provide
you with certain information, it is called the “Right to be Informed”. It applies to all data subjects as
individuals (customers or clients) or as representatives or agents of companies (suppliers) and
other data subjects associated with those individuals or companies with whom we provide services
to or conducts business with. If any of the information we provide to you is not clear enough, there
is a contact detail for Lufthansa Services (Thailand)’s Data Protection team further down this
Notice, please do not hesitate to make contact and ask for further information.

This notice does not form part of any contract to provide services or purchase supplies. We may
update this notice at any time. It is important that you read this notice, together with any other
privacy notice we may provide on specific occasions when we are collecting or processing personal
data about you, so that you are aware of how and why we are using such data.

Lufthansa Services (Thailand) Ltd. is committed to protecting the privacy and security of your personal data.

This privacy notice describes how we collect and use personal data about you during and after your business relationship with us or during the use of our facilities, in accordance with the General Data Protection Regulation (GDPR). When we collect personal data, we are obliged legally to provide you with certain information, it is called the “Right to be Informed”. It applies to all data subjects as individuals (customers or clients) or as representatives or agents of companies (suppliers) and other data subjects associated with those individuals or companies with whom we provide services to or conducts business with. If any of the information we provide to you is not clear enough, there is a contact detail for Lufthansa Services (Thailand)’s Data Protection team further down this Notice, please do not hesitate to make contact and ask for further information. This notice does not form part of any contract to provide services or purchase supplies. We may update this notice at any time. It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are aware of how and why we are using such data.

We are a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you during and after your business relationship with us or during the use of our facilities.

We collect personal information about data subjects of individuals or as representatives of companies in order to enter into contracts with those individuals or companies, to take steps to enter into those contracts or potential contracts and to administer the contracts entered into. As an individual or as a representative of a company we will process your data due to the circumstances of your relevant and appropriate relationship with the company. We will also use the personal details to personalize the communication and improve the experience of all data subjects involved.  We may collect additional personal information throughout the period of the business relationship with the companies

We have indicated the below purposes for which we are processing or will process your personal data:

  • Personalise communication with potential, current and previous customers, suppliers and business contacts.
  • Process invoices, purchase orders and make and receive payments.
  • Take steps to enter into a contract or potential contract with customers, suppliers or business contacts.
  • Administer the contract, we have entered into with you (Contract Database).
  • Maintain business management and planning, including accounting and auditing.
  • Assess a supplier’s qualifications related to the performance of a particular job or task.
  • Gather evidence to support the investigation and resolution of any complaints.
  • Make decisions about your continued provision of services or engagement.
  • Deal with legal disputes involving you, other customer, suppliers, contractors, including accidents.
  • Comply with safety and security obligations.
  • Prevent fraud.
  • Ensure network and information security, including preventing unauthorised party, visitor log and CCTV Recording.
  • Conduct data analytics studies to review and better understand customer retention, satisfaction and attrition rates.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

We may collect, store, and use the following categories of personal data about you:

  • Personal details such as name, surname, title etc.
  • Contact details such as address, telephone number and personal email address
  • Purchase Orders, Invoices, and documentation related to sales or purchases
  • Details of devices connected to the internet using the Company’s Wi-fi
  • Visitor log, CCTV footage and other information obtained through electronic means such as entry records

Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract that we have entered into with you.
  • Where we need to comply with a legal obligation.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

We may only share your personal data within concerned department where it is necessary. In addition, we may disclose your personal data to the following third-parties for the following purposes:

  • Names of Third Parties
  • Activities carried out
  • PLP Auditing Office
  • Auditing of our Accounts
  • Thai Revenue Department
  • Processing of our Taxes
  • Data Safe Ltd.
  • Document Archiving and Destruction
  • Asia Green Corporation Co, Ltd.
  • Secure Document Destruction
  • So Cool Solution Ltd.
  • Mail Server Support
  • Siam Commercial Bank
  • Making Payment
  • Thai Post Office
  • Delivery Currier
  • FEDEX Thailand
  • Delivery Currier
  • DLH Thailand
  • Nian Service Ltd.
  • Custom Clearance Support

In electronic or/and paper version, we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of your personal data are available in our retention policy. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Once you are no longer a representative of or in the service of the company, we will securely destroy your personal data in accordance with our data retention policy or applicable laws and regulations.

We have put in place measures to protect the security of your data. Third parties will only process your personal data on our instructions and where they have agreed to treat the information confidentially and to keep it secure. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

You are entitled to request the following from Lufthansa Services (Thailand) Ltd.  These are called your Data Subject Rights:

  • Right of access. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Right to rectification. This enables you to have any incomplete or inaccurate data we hold about you corrected.
  • Right to erasure. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
  • Right to object to processing. This enable you to ask us to stop processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.

If you have any questions, or wish to contact us and ask us to look at your rights at any time, please contact us at:

 

01.06.2019
Lufthansa Services Thailand