Page 241 - CRC_One Report 2021_EN
P. 241

Business Overview and Performance      Corporate Governance     Financial Statements   Enclosure



         (1)  The establishments of food shops or food storages:   (1)  Personal data shall be collected where necessary
             In an event that a food shop or a food storage      and for legitimate purposes of data controllers only.
             shall cover more than 200 square meters of space,     Data controllers must inform personal-data owners
             its establishment must obtain a permit from local   of the purposes of data collection, the types of
             officials in advance. If a food shop or a food storage   collected data, and the types of persons or agencies
             shall cover no more than 200 square meters of       personal data may be disclosed to either prior to or
             space, the business operator involved shall have to   during the collection;
             notify local officials to obtain a certificate prior to
             establishment.                                   (2) Collection, usage and disclosure of personal data
                                                                 can be done with consent from personal data
         (2)  If business operations are unhealthy by the definition     owners only, except in events sanctioned by laws,
             of the Public Health Ministry’s announcements or     and data usage must be made for the purposes
             local stipulations such as bakeries or electronic-  stated to personal data owners prior to or during
             device production/repair, the business operator     data collection only; and
             involved shall have to obtain a permit from local
             officials prior to the start of the business operations.  (3) Management of Data Subject Rights. In order to
                                                                 properly comply with the rights of the data subject
             The Group’s business operations involving the       under the law, which are 1. the right to receive
             establishment  of  food  shops/food  storages  and   notification  2. the right to amend  information
             unhealthy  business  operations  that  affect the   3. the right to withdraw consent 4. the right to request
             hygiene of people are under the Public Health       for suspension of information use 5. the right to
             Act. Also, the Group must ensure that it does not   access, request a copy, or disclose the acquisition
             cause a nuisance to people in its neighborhoods.    of personal data 6. the right to obtain and transfer
             For example, it must refrain from any activity that   personal data 7. the right to object to the collection,
             threatens health with noise, odor, or dust. Such    use, or disclose of personal information 8. the right to
             polluting activities are governed by the Public     request the deletion or destruction of personal
             Health Act.                                         information 9. the right to make a complaint via
                                                                 various forms of systems for the data subject to submit
         7. Law on Personal Data Protection                      the complaint request easily and conveniently.


         The Personal Data Protection Act B.E. 2562 (“Personal   In carrying out its retail business, the Group may
         Data Protection Act”) aims to protect personal data     obtain customer data that is defined as personal data.
         that has been compiled, used or disclosed by data       Therefore, the Group is a data controller under
         controllers.  Under  the Personal  Data Protection Act,   the Personal Data Protection Act, and its collection,
         “data controllers” mean a person or legal entity having   use, and disclosure of personal data must comply
         the  power to  make  decisions regarding  collection,   with the Act’s stipulations. The complete Personal
         use  or  disclosure  of  personal  data.  Today,  advanced   Data Protection Act will come into force in 2022.
         technologies and communication systems make it easy     The Act comprises of broad and non-specific laws,
         to compile, use, disclose or seek benefits from         which most of the regulations require that individuals
         personal data and such action may disturb or damage     who collect, use, or disclose personal data must have
         personal-data owners. The Personal Data Protection      standardized measures to strictly keep personal data.
         Act is executed by the Personal Data Protection         This is considered a preventive measure before
         Committee, which has the duty to supervise and          any damage to personal data occurs. In addition,
         take  actions  for  the  protection  of  personal  data     in terms of penalties under the Personal Data
         in regards to its collection, use, and disclosure, including    Protection Act, it also requires the court to calculate
         the formulation of necessary measures such as:          punitive damages as a punishment to those
                                                                 who collect or process personal data without consent,
                                                                 or those committing any acts against this Personal
                                                                 Data Protection Act, whether intentionally or not,



                                                                           Annual Report 2021 (Form 56-1 One-Report)  241
   236   237   238   239   240   241   242   243   244   245   246