Skip to content Skip to footer



German Auto Company Limited (“the Company”) recognizes the importance of personal data protection. To ensure that its employees and relevant individuals understand and comply with personal data protection laws, the Company has established this Privacy Policy. This policy outlines guidelines for handling the collection, usage, and disclosure of personal data in accordance with the Personal Data Protection Act B.E. 2562 (PDPA). The details are as follows:

  1. Objectives

          1) To define the roles and responsibilities of departments, management, employees, and personnel involved in handling personal data.

          2) To establish guidelines for employees to ensure compliance with personal data protection laws.

          3) To instill confidence in maintaining the security of personal data among employees, customers, business partners, and other relevant individuals.

  1. Scope of Application

          This policy applies to the Company, including its directors, management, employees, and personnel.

  1. Definitions



the Company

German Auto Company Limited

personal data

any Information relating to a person, which enables the identification of such person, whether directly or indirectly, but not including the information of deceased person in particular.

sensitive data

personal data according to Section 26 related to racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biological data, or of any other data which may affects the data subject in a same manner, as specified by the Personal Data Protection Committee.

data subject

the person whom the personal data is specified.

data controller

a person or a juristic person having the power and duties to make decision regarding the collection, use, and/or disclosure of personal data.

data processor

a person or a juristic person who operate in relation to the collection, use, and/or disclosure of personal data in accordance with the order or on behalf of the personal data controller. However, the person or juristic person who performs such action is not the Data Controller.


Any operations or activities that involve processing personal data, whether done automatically or otherwise, such as collection, recording, structuring, storing, adapting, altering, using, or disclosing by transmission, dissemination, or making data available, alignment, restriction, erasure, or destruction of personal data etc.

Other definitions

If this Privacy Policy does not specify certain definitions, those terms shall be interpreted according to the definitions specified in the Personal Data Protection Act B.E. 2562 (PDPA).

  1. Processing of Personal Data

          The Company will process personal data in the capacity of a data controller and/or a data processor responsibly, as follows:

          1) The Company will provide privacy notices to data subjects before or at the time of collecting personal data.

          2) The Company will process personal data only as permitted by law.

          3) The Company will implement security measures to safeguard personal data in accordance with legal standards.

          4) The Company will establish procedures to manage data breaches.

          5) The Company will provide mechanisms to support data subjects’ rights.

          6) The Company will establish procedures for data disposal when no longer necessary for processing.

          7) The Company will conduct activities in compliance with the Personal Data Protection Act B.E. 2562 (PDPA).

  1. Roles and Responsibilities

          The executives and board members are responsible for overseeing and ensuring that all departments comply with this policy. Additionally, they promote awareness among the company’s employees to integrate personal data protection into the company’s operations.

          Furthermore, executives and board members will establish monitoring processes to ensure compliance with legal guidelines and review operational procedures to align with the law.

          The Data Protection Team or Data Protection Officer has the responsibility to provide guidance, conduct audits, supervise, and ensure that personal data management complies with the law, reporting results to executives and board members.

          Employees of the company have a responsibility to adhere to the policy, operational procedures, and laws related to personal data protection. They are also required to report any abnormalities regarding the personal data protection process to the authorities.

  1. Penalties

          Individuals responsible for any operational duties within their scope who violate the Company’s policies and practices regarding personal data protection and/or provisions under the Personal Data Protection Act B.E. 2562 may face disciplinary action by the Company.

          Moreover, if such actions result in harm to the Company and/or any other individuals, the Company may consider further legal proceedings.

  1. Policy Amendments

          The Company will periodically review its personal data protection policy. In case of amendments or changes, the Company will notify within 30 days from the date of such amendments or changes.


This policy shall take effect from ……………………onwards.

                                                                                                                                                                                                           Announced on [ Please specify ]



                                                                                          (………………………………….. ) 

                                                                                     Chief Executive Officer

                                                                                        [ Please specify ]