Skip to content Skip to footer

Privacy Notice for SHARE HOLDER

          German Auto Company Limited (“we”, “us” or “our”) recognizes the importance of privacy and the protection of personal data for our corporate management, such as directors, shareholders, proxies, spouses, etc. (collectively referred to as “shareholders” or “you”). We have therefore established a privacy notice to inform you about our practices for collecting, using, and disclosing (“processing”) personal data including the various rights you have under the Personal Data Protection Act B.E. 2562 (PDPA).

1. What personal data we collect

          Personal data means any information relating to a Person, which enables the identification of such Person, whether directly or indirectly, but not including the information of the deceased Persons in particular.

          Sensitive personal data includes information such as religious beliefs, health information, disabilities, biometric data (such as fingerprints and facial recognition data), criminal record, etc.

          We collect your personal data directly from you (e.g., through communication, shareholeder meetings), indirectly from other sources, and through government agencies, our affiliates, business partners. The details are as follows:

          1.1 Personal Details : such as, title, full name, gender, age, nationality, date of birth, photos, work-related information, information on government-issued cards (e.g., national identification number, passport number), work permit, residence certificate, house registration, tax ID, and signatures. 

          1.2 Contact Details : such as, telephone number, postal address, e-mail address, Line ID and other similar information.

          1.3 Financial Details : such as, bank statement, bank account information, financial statement, and other contract related information.

          1.4 Other information processed in connection with the relationship between us and the Business Partner, such as, information you provide us in meetings, forms or surveys.

          1.5 Sensitive Data such as sensitive data as shown in the identification document, health data (e.g., congenital disease, allergic food), disability, biometric data (e.g. fingerprint, facial recognition), and criminal records.

2. Our need for processing personal data

          In cases where we need to collect your personal data to enter into a contract, perform a contract, or comply with the law, if you do not provide such personal data, we may not be able to fulfill your request.

          In cases where we receive a copy of your identification card or any other document for the purpose of verifying your identity before entering into a legal relationship and/or conducting any transactions with us, the received documents may contain information about your religion or other sensitive data. We do not have a policy to collect such data from you, except where there is a legal basis for doing so. In such cases, we will handle the data in accordance with standard practices and as permitted by law, such as through redaction.

          If you provide personal data of any third party to us, e.g., their name, address details, and telephone number for contact, please provide this privacy notice for their acknowledgment and/or obtain their consent where applicable.

         We only collect the information of children, quasi-incompetent persons, and incompetent persons where their parent or guardian has given their consent. We do not knowingly collect information from customers under the age of 20 without their parental consent when it is required, or from quasi-incompetent persons and incompetent persons without their legal guardian’s consent. In the event we learn that we have unintentionally collected personal information from anyone under the age of 20 without parental consent when it is required, or from quasi-incompetent persons and incompetent persons without their legal guardians, we will delete it immediately or process only if we can rely on other legal bases apart from consent.

3. Legal bases for processing your personal data

          We will process your personal data under the following legal bases:

          3.1 Consent

          3.2 Archive/statistic/research

          3.3 To prevent or suspend danger to life, body, or health of individuals

          3.4 Entering into a contract or the performance of a contract

          3.5 Legitimate interest

          3.6 Legal obligation

          3.7 Data disclosed to the public with explicit consent

          3.8 Legal claims, Legal compliance, exercising legal rights, or defending legal claims

          3.9 Necessary for compliance with the law to achieve the following objectives:

                    3.9.1 Providing health or social services

                    3.9.2 Public interest in public health

                    3.9.3 Protecting labor and social security

                    3.9.4 Scientific research, historical, statistical, or other public interest

                    3.9.5 Substantial public interest

          3.10 Other legal bases as permitted by Law

4. The purposes for processing your personal data

          We process your personal data for the following purposes:

          4.1 Entering into a contract or performance of a contract : such as to communicate, to verify your identity, and to pay dividends.

          4.2 Compliance with applicable laws : such as to organize shareholders meetings, to update registration items, and to manage rights and duties of our shareholders.

          4.3 Legitimate interest : such as to manage the company, to send news updates, to ensure security, to manage disputes, and to prevent crime.

          4.4 Other purposes : such as to prevent or suppress danger to a person’s life, body, or health, and to organize events.

          Where we need to collect your personal data as required by law, or for entering into or performing the contract we have with you or business partner and you fail to provide that data when requested, we may not be able to fulfill the relevant purposes as listed above.

5. To whom we may disclose your personal data

          We may have to disclose your personal data to the following third parties who process personal data in accordance with the purpose under this privacy notice. You can visit their privacy notice/privacy policy to learn more details on how they process your personal data.

          5.1 BMW group company : We are the official car dealer of BMW (Thailand) Co., Ltd. and are part of the BMW group of companies, (which includes companies both in Thailand and abroad under BMW AG). Together, we collaborate to serve customers and provide various systems, including services and systems related to our website. We may need to transfer your personal data to, or allow access to such personal data by, other companies within the BMW Group for the purposes specified in this notice. This enables other companies in the BMW Group to utilize the consents we obtain, or other legal bases.

          5.2 Our service providers : We may use other companies, agents or contractors to perform services on behalf of or to assist with the business relationship with you. We may share personal data including, but not limited to

                    5.2.1 internet, software, website developer, digital media, IT service providers and IT support company;

                    5.2.2 logistic and courier service providers;

                    5.2.3 payment and payment system service providers;

                    5.2.4 analytics service providers;

                    5.2.5 survey agencies;

                    5.2.6 auditors;

                    5.2.7 marketing, advertising media, designer, creative, and communications agencies;

                    5.2.8 call center;

                    5.2.9 campaign, event, market organizers, and agency;

                    5.2.10 telecommunications and communication service providers;

                    5.2.11 outsourced administrative service providers;

                    5.2.12 data storage and cloud service providers;

                    5.2.13 printing service providers;

                    5.2.14 insurance company and broker;

                    5.2.15 collection and legal and registrations service providers; and/or

                    5.2.16 auction house service provider.

          In the course of managing our business relationship, the service providers may have access to your personal data. However, we will only provide our service providers with the information that is necessary for them to perform the services, and we ask them not to use your information for any other purposes. We will ensure that all the service providers we work with will keep your personal data secure.

          5.3 Our business partner : We may disclose your personal data to our business partner to conduct business and services provided that the receiving business partner agrees to treat your personal data in a manner consistent with this privacy notice, such as our dealer, and sale representative agencies.

          5.4 Third parties permitted by law : In certain circumstances, we may be required to disclose or share your personal data in order to comply with a legal or regulatory obligations. This includes any law enforcement agency, court, regulator, government authority or other third party where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals’ personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.

          5.5 Other third parties : This includes professional advisors, lawyers, auditors, technicians, assignees of rights and/or obligations, associations, and non-profit organizations.

6. International transfers

          We may transfer your personal data to third parties or servers located overseas, which the destination countries may or may not have the same data protection standards. We take steps and measures to ensure that your personal data is securely transferred and that the receiving parties have in place suitable data protection standards or other derogations as allowed by laws.

7. How long do we keep your personal data

          We retain your personal data for as long as is reasonably necessary to fulfil purpose for which we obtained it, and to comply with our legal and regulatory obligations. If data is processed for several purposes, the data is deleted automatically or saved in a form that cannot be traced back to you once the last specified purpose has been met. However, we may have to retain your personal data for a longer duration as required by applicable law, such as the 10-year retention period prescribed by civil law.

8. Personal data security

          We understand and recognize the importance of your personal data. Therefore, we have continuously improved and developed our personal data security system to comply with the law and meet modern international safety standards at all times. We are committed to adhering to this notice and emphasize to our personnel and data processors with access to personal data or legal obligations the importance of maintaining and respecting the security of your personal data.

9. Your rights as a data subject

          Subject to applicable law and exceptions, before you exercise your rights, we may ask you to verify your identity. You have the following rights:

          9.1 Withdraw Consent : For the purposes you have consented to our processing of your personal data, you have the right to withdraw your consent at any time.

          9.2 Access : You have the right to access or request a copy of the personal datawe process about you, including asking us to disclose how we obtained your personal data.

          9.3 Data Portability : You may have the right to obtain personal datawe hold about you, in a structured, electronic format, and to send or transfer such data to another data controller, where this is

                    (a) Personal datawhich you have provided to us, and

                    (b) if we are processing such data on the basis of your consent or to perform a contract with you. 

          9.4 Objection : You have the right to object to certain processing of your personal data such as objecting to direct marketing.

          9.5 Deletion : You may have the right to request that we delete or de-identity personal data.

          9.6 Restriction : You have the right to restrict the use of your personal data in certain circumstances.

          9.7 Rectification : You may have the right to have incomplete, inaccurate, misleading, or not up-to-date personal data that we processing about you rectified.

          9.8 Lodge a complaint : You may have the right to lodge a complaint to the Expert Commitees where you believe our processing of your personal datais unlawful or noncompliant with applicable data protection law.

          You can exercise your rights as the data subject of the personal data mentioned above by contacting our Data Protection Officer, details of whom are provided at the end of this document. We may reject your request only in cases specified by law, such as a court order prohibiting it. We will notify you of the results of your request within the timeframe specified by law. If your request is rejected, we will inform you of the reason for the refusal.

10. Contact Us

          If you wish to contact us to exercise the rights relating to your Personal Data or if you have any queries about your Personal Data under this Privacy Notice, please contact us or our Data Protection Officer at

Data Protection Officer

          Email :  dpo@bmw-germanauto.com

          Address :  441 Debaratana Rd, Bangna Nuea, Bangna, Bangkok 10260

11. Changes to this privacy notice

          We may amend this privacy notice from time to time. If our personal data protection practices change due to various reasons, such as technological changes or legal changes,

          This privacy notice was last revised and is effective as of  1 July 2024 (Version 010767)