Privacy Notice for Directors and Shareholders
German Auto Co., Ltd. (“We“) recognizes the importance of privacy and the protection of personal data of individuals involved in our organizational management, such as directors, shareholders, proxies, spouses, etc. (collectively referred to as “Shareholders” or “You“). We have therefore prepared this Privacy Notice to inform you about our practices regarding the collection, use, and disclosure (“Processing”) of personal data, as well as the rights you are entitled to under the Personal Data Protection Act B.E. 2562 (2019) (PDPA).
This Privacy Notice applies only to data subjects involved in our organizational management. If you visit other websites, even through a link on our website, the protection of personal data will be subject to the privacy policy of that third party, with which we are not involved.
1. Personal Data We Collect
Personal Data means any information relating to a natural person that enables the identification of that person, whether directly or indirectly, but specifically excludes information of a deceased person.
Special Categories of Personal Data (sensitive data) includes information such as religious data, health data, disability data, biometric data (e.g., fingerprints, facial recognition data), and criminal records.
We collect personal data directly from you, such as through contact or shareholder meetings. We may also collect your personal data from other sources, such as government agencies, affiliated companies, business partners, etc. The types of personal data may be categorized as follows:
Category of Data | Examples of Personal Data |
Personal Details | Name, surname, nickname, gender, age, date of birth, nationality, data identified in government documents (e.g., ID card data, passport data, photos, military documents, household registration data, educational records), signature |
|
|
Contact Details | Address, telephone number, email, LINE ID, or any other similar information |
Financial Details | Bank account details, bank statements, financial information, related contract details |
Work Details | Work history, training history, educational history |
Technical Details | Computer machine number, video, footage from closed-circuit television (CCTV), information system usage data, GPS location |
Special Categories of Personal Data | Religious data, health data (e.g., congenital diseases, food allergies), disability, biometric data (e.g., fingerprints, facial recognition data), criminal records |
Other Identifiable Data | Behavioral data, vehicle information, third-party data, any other data that can identify you |
2. Necessity of Personal Data Processing
In cases where we need to collect your personal data for entering into a contract, performing a contract, or complying with the law, if you do not provide that personal data to us, we may not be able to proceed with your request.
If we receive a copy of your ID card or other documents for identity verification or for conducting any transaction with us, such documents may contain religious data or other special categories of personal data.
We do not have a policy of collecting such data from you unless, we have a legal basis to do so. Therefore, we kindly request that you mask or redact such information before submitting any document to us. If you do not do so, we will manage such data in accordance with our internal practices and as permitted by law, including masking or redaction as apporopriate.
If you provide us with personal data of a third party___, such as name, surname, address details, telephone number, or other contact details, _____, please inform that person of this Privacy Notice so they are aware of it and/or seek consent where necessary.
We process the personal data of minors, quasi-incompetent persons, and incompetent persons only when a valid legal basis exists. When required, we will seek consent from the legal guardian. Should we become aware that the data of a person with diminished capacity has been processed not in accordance with the law, we will take appropriate action promptly.
3. Legal Basis and Purposes for Personal Data Processing
We will process your personal data only under the legal bases permitted by law , such as obtaining consent for certain activities, contractual necessity, legal compliance, prevention of danger to life or health, legitimate interests, management of legal claims, compliance with labor protection laws, or other bases permitted by law (depending on the activity). In cases where no other basis applies, we will request your consent.
The data is processed to achieve the following purposes:
3.1 Contractual Necessity or Contract Performance: This includes activities such as communication, scheduling appointments, conducting meetings or training sessions, identity verification, payment of compensation, granting authorization, and entering into or performing contracts.
3.2 Legal Compliance: This includes activities such as organizing shareholder meetings, updating registration information, managing the of rights and duties of directors and shareholders, reporting information to government agencies.
3.3 Legitimate Interests: Such as company administration, news announcements, security operations, management of legal disputes, crime prevention, public relations, organizing corporate activities, liasing with government agencies, and participating in activities with the BMW AG Group, its affiliates, subsidiaries, or our business partners.
3.4 Other Purposes: Such as preventing danger to life, body, or health;_______, facilitating travel arrangements; managing venues and catering; conducting risk management; and supporting organizational restructuring, business transfers, or mergers.
4. Persons to Whom We May Disclose Your Personal Data
We may disclose your personal data to third parties as permitted by law, including:
4.1 Government Agencies: Such as the Revenue Department, Social Security Office, Department of Labor Protection and Welfare, and the Courts.
4.2 Business Partners: Such as affiliated companies, the BMW Group, financial institutions, insurance companies, and other relevant business partners.
4.3 Service Providers: We may engage companies, agents, or contractors to perform services on our behalf or to support our operations. These include IT service providers, logistics and transport service providers, payment and payment system service providers, market research and survey service providers, marketing and advertising media service providers, campaign and event organizers, telecommunication service providers, administrative service providers, data storage and cloud service providers, printing service providers, and training service providers.
4.4 Other Third Parties: Such as business consultants, auditors, legal advisors, persons to whom you request disclosure to (e.g., financial institutions, new employers), assignees of rights or obligations, associations, and non-profit organizations.
5. Personal Data Retention Period
We will retain your personal data for the period necessary to fulfill the purposes described in this Privacy Notice. Where required by law, we may need to retain the data for longer period for example, up to 10 years in accordance with the civil law statute of limitations.
6. Your Rights as the Data Subject
You have the right to exercise your rights under the Personal Data Protection Law. We may request additional information to verify your identity before acting on your request.
6.1 Right to withdraw consent (right to withdraw consent): You have the right to withdraw consent at any time for activities for which you previously gave consent, subject to legal conditions.
6.2 Right to access (right to access): You have the right to request access to and obtain a copy of your personal data under our responsibility, including requesting disclosure of how we obtained your personal data, subject to legal conditions.
6.3 Right to data portability (right to data portability): You may request your personal data in an electronic format that is structured and commonly used, where it can be automatically processed. You also have the right to request us to transfer such data to another Data Controller or receive the personal data directly by yourself, subject to legal conditions.
6.4 Right to object: You have the right to object to the processing of your personal data, subject to legal conditions.
6.5 Right to erasure: You have the right to request the deletion or destruction of your personal data, subject to legal conditions.
6.6 Right to restriction of processing: You have the right to request the temporary restriction of the use of your personal data, subject to legal conditions.
6.7 Right to rectification: You have the right to request the correction of your personal so that it is accurate, up to date, complete, and not misleading, subject to legal conditions.
6.8 Right to lodge a complaint: You have the right to lodge a complaint with the Expert Committee under the Personal Data Protection Act B.E. 2562 (2019) if you believe we have violated or failed to comply with the law.
To exercise any of these rights, please contact our Data Protection Officer using the details at the end of this Privacy Notice. We may deny your request only in cases specified by law, such as when restricted by court order. We will notify you of the outcome of the action within the legally required timeframe. If we deny your request, we will inform you of the reasons.
7. Security of Personal Data
We will maintain the security of personal data according to the principles of confidentiality, integrity, and availability, to prevent loss, unauthorized access, use, alteration, modification, or disclosure. We implement personal data security measures as required by applicable laws.
8. Transfer of Personal Data Abroad
We may transfer your personal data to the BMW Group, third parties, or servers located outside of Thailand. Such transfer will comply with the Personal Data Protection Act B.E. 2562 (2019),including implementing appropriate-safeguards to ensure the secure transfer of your personal data and to ensure that the recipient party has an appropriate standard of protection, or other exceptions permitted by law.
9. Contact Information
If you have suggestions, inquiries, or wish to exercise your rights under this Privacy Notice, you can contact us or our Data Protection Officer at:
Data Controller
German Auto Co., Ltd.
441 Debaratana Road, Bang Na Nuea Sub-district, Bang Na District, Bangkok 10260
Email: hr@bmw-germanauto.com
Tel : 02-396-1199 ext. 111
Data Protection Officer
Email : dpo@bmw-germanauto.com
10. Amendment of the Privacy Notice
We may amend this Privacy Notice from time to time due to change in our personal data protection practices, technological developments, or legal changes.
Any updates will be communicated through our website or other communication channels.
This privacy notice was last revised and took effect on September 1, 2025.
