Data Protection Policy
Introduction
Haier is a Chinese multinational consumer electronics and home appliances company. It designs, develops, manufactures and sells products including air conditioners, mobile phones, computers, microwave ovens, washing machines, refrigerators, and televisions.
The headquarter is located in P. R. China but there are some Haier entities located in the Southeast Asia.
Haier is particularly committed to conduct its business in accordance with the privacy and the protection of personal data of individuals.
The purpose of this Data Protection Policy (the “Policy”) is to inform you about the commitments made by Haier to ensure that your personal data are processed in compliance with the applicable relevant laws.
This Policy may evolve according to the legal and regulatory context and the doctrine of supervisory authorities.
Definitions
Data Controller: means a Person or a juristic person having the power and duties to make decisions regarding the collection, use, or disclosure of the Personal Data.
Data Subject: Any natural person, including you, whose Personal Data are processed by Haier.
Personal Data: Any information relating to a person, which enables the identification of such person, whether directly or indirectly, but not including the information of the deceased person in particular.
Processing: Any operation or set of operations which is performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data Processor: A Person or a juristic person who operates in relation to the collection, use, or disclosure of the Personal Data pursuant to the orders given by or on behalf of the Haier legal entity, whereby a Person or a juristic person is not the Data Controller.
Applicable law
The Policy is subject to the relevant local laws of the concerned Haier legal entity such as Personal Data Protection Act.
In case any of the terms/provisions herein are inconsistent or in contradiction with the applicable laws, the applicable laws shall prevail and the terms/provisions herein shall be interpreted and apply to the maximum extent permissible under the applicable laws.
Principles for processing Personal Data
Haier commits to ensure that Personal Data are:
· processed fairly and reasonably and lawfully manner;
· collected for specified, clear, legitimate purposes and limited to what is necessary;
· accurate and, where necessary, kept up to date;
· kept for no longer than is necessary for the purposes;
· processed in a manner that ensures appropriate security.
Privacy of Data Subjects under the age of 10
Our products and services are not targeted to persons under the age of 10. We do not knowingly collect or process personal data from persons under the age of 10. Please note that if you are under the age of 10, you will need to provide us a written signed consent from your parent or guardian indicating that your parent or guardian has consented for us to process your data and send us the consent through contact information provided from the section of “Whom should I contact?”
Responsibilities
Haier ensures that all its Processing are performed in accordance with the applicable laws.
Management
Management is responsible for defining and structuring all processes where Personal Data can be collected, processed and/or used, that they comply with this Policy.
In particular, the following tasks are falling in the responsibility scope of the management:
· Ensuring that technical and organizational security measures are in place;
· Assuring that processes for the Personal Data collection, use and/or processing are compliant with the applicable laws;
· Monitoring on a regular basis the relevant applicable laws.
Data protection officer
Where required by law, Haier Thailand may appoint a data protection officer who is in charge to ensure compliance with relevant data protection and privacy law and the provisions of this Policy.
How do we process Personal Data?
In which context do we obtain Personal Data?
· By hiring people;
· By being contacted by customers, suppliers and/or other persons via our website, phone, email or any other mean;
· By prospecting new clients.
How do we respect the transparency principle?
Data Subjects are informed by the Haier legal entity which is collecting the Personal Data that his/her Personal Data are collected, used and/or processed and how his/her Personal Data are being handled by Haier.
In particular, Data Subjects are informed (i) of which types of Personal Data will be subject to Processing; (ii) for which specific purpose(s); (iii) to whom such Personal Data might be transmitted; (iv) how the Data Subject can exercise its rights and (v) of when personal data shall not be kept.
How do we use the Personal Data?
Personal Data are subject to data secrecy. Haier apply the following rules in order to prevent any unauthorized collection, processing or use of such data by its employees:
· Employees may have access to Personal Data only as is appropriate for the type and scope of the task in question;
· Employees shall not disclose Personal Data to unauthorized people, either within the company or externally;
· Employees shall request help from their manager or the Data protection officer (if applicable) if they are unsure about any aspect of data protection.
How do we respect data accuracy?
Haier ensures that Personal Data are accurate and, where necessary, kept up to date, by applying the following rules:
· Employees shall take every opportunity to ensure Personal Data are updated and the management shall ensure that relevant databases and systems are checked on a regular basis;
· Personal Data shall be updated as inaccuracies are discovered.
How do we store Personal Data?
Haier is aware that periods for which the Personal Data are stored must be limited to a strict minimum. To ensure safely storage, Haier applies the following rules:
· Personal Data shall be protected by strong passwords that are changed regularly and never shared between employees;
· Personal Data shall only be stored on designated drives and servers, and shall only be uploaded to an approved cloud computing services;
· Servers containing Personal Data shall be sited in a secure location, away from general office space;
· Personal Data shall be backed up frequently;
· All servers and computers containing Personal Data should be protected by approved security software and a firewall;
· Right to Be Forgotten: the Data Subject has the right to restrict or prevent continuing disclosure of personal data where the purpose of the disclosure is no longer necessary or Data Subject has withdrawn the consent.
Transfer of Personal Data
As Haier is a multinational group, Personal Data may be transferred to countries located outside the Thailand.
The transfer of Personal Data within Haier group is subject to standard contractual clauses or intra-group schemes.
The transfers of Personal Data outside Haier group are managed on a case-by-case basis.
Security
Technical and organizational security measures
Haier has implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk of each Processing.
These measures are detailed in the different security and IT policies of Haier.
Personal Data breach
In case of a data breach, Haier has implemented an internal process in order to prevent, detect and stop Personal Data breach as well to notify the relevant supervisory authority and, if applicable, the Data Subjects, in time.
Whom should I contact?
Chidsanupong Monkatonyoo
E-mail: Chidsanupong_m@haier.co.th
Done in Thailand, 15 August, 2019