Bangkok Expressway and Metro Public Company Limited (“the Company”) realizes the significance of rights related to personal information and data privacy protection including the safety in using personal information. The Company then formulates the Personal Data Protection Policy, as follows:
 

1. “Personal Information”

2. Limited Collection of Personal Information

3. Objectives in Collecting Personal Information

4. Usage and/or disclose of Personal Information

5. Security Measures

6. Complying with the Personal Data Protection Policy and the communication with the Company

Personal Data Protection Policy shall be effective from June 1, 2022 onwards.


 

Guidelines for Personal Data Protection  

1. Definitions

 

2. Collection or Use of the Personal Data
   1. The Company shall only conduct the Processing of the Data Subject’s Personal Data to the extent that it is necessary for the Company’s operational objectives or activities, or as required by law.
   2. ใPrior to the Processing of the Personal Data, the Company shall first obtain the consent of the Data Subject, except in other cases as required by law or in any other cases as specified in these Guidelines. 
   3. Collection, Use or Processing of the Sensitive Data  The Company has no policy for the Processing of the Data Subject’ Sensitive Data unless it is required or exempted by law. However, if the Company needs to collect, use, or process the Sensitive Data for the purposes of its operations, such as criminal record, or health information, the Company shall first notify the Data Subject and obtain the consent of the Data Subject. 
   4. The Company shall process the Personal Data with an emphasis on accurate, complete, and up-to-date data.

 

3. Objectives of Collecting the Personal Data 
   1. To comply with laws, regulations, orders, as well as guidelines or requirements of government agencies which supervise the Company.
   2. To study, analyze or prepare statistics in accordance with the Company’s operational objectives, and to improve the Company’s service quality to ensure greater efficiency.
   3. To analyze and monitor the use of services on the website, as well as to conduct a retrospective inspection in the event of a usage problem, including where the Company outsources the website service, provided that such outsource company shall be responsible for storing the logging in-logging out history as required by law.
   4. To contact and make complaints regarding services, corruption, provision of opinions, complaints about occupational health, provision of suggestions, comments or inquiries, and follow up the status of the complaints via the Company’s website.
   5. To register for logging in the electronic procurement system and/or any other systems as established by the Company.
   6. To analyze, evaluate and implement the safety measures, including the security of the Company. 
   7. For the purposes of operations, services, transactions, including activities of the Company  
   8. In the case of a subsequent amendment to the objectives of collecting the Personal Data, the Company shall notify the Data Subject and obtain the consent of the Data Subject,as well as preparing a memorandum of the amendment as evidence.
   9. The Company shall not take any action which differs from those indicated in the objectives of collecting the Personal Data, except where

 

4. Methods of Collecting the Personal Data     

1. The Personal Data directly supplied by the Data Subject to the Company, including its directors, executives, employees, and individuals representing the Company.
2. The Personal Data automatically collected by the Company from the Data Subject, such as activities and website traffic ways, browsing history by using Cookies and other similar technologies.  
3. The Personal Data received by the Company from any third persons or entities, for example, the Stock Exchange of Thailand, the Office of the Securities and Exchange Commission, Thailand Securities Depository Company Limited, banks, service providers, recruiters, job applicants, government agencies, contractual parties, or business partners.  

 

5. Privacy Measures  

1. Providing the privacy measures in place as follows:

2. Ensuring the determination of levels of rights and restrictions of rights to access data and change the user ID (Password) of the person involved in using, accessing, modifying, amending, deleting, destroying the Personal Data.
3. Providing a system in place to prevent any actions which alter the meaning of data.  

 

6. Disclosure of the Personal Data to Third Persons or Entities

1. A government agency or regulatory authority to implement the order or as required by law, such as the Bank of Thailand, the Office of the Securities and Exchange Commission, the Stock Exchange of Thailand, Thailand Securities Depository Company Limited, Anti-Money Laundering Office, the Mass Rapid Transit Authority of Thailand, the Expressway Authority of Thailand, the Royal Thai Police, the Revenue Department, the Office of General Attorney, court or as required by applicable laws, regulations.       
2.  Service providers, experts in various fields who are outsiders for provision of services to the Data Subject and the Company, such as information technology and communication, insurance companies, marketing companies, information technology development companies. 
3. Third persons or entities, subject to the Data Subject’s consent granted to the Company, or disclosure for the purposes of entering into transactions and/or using services.
4. Alliances, business partners, service providers, service recipients, and personal data processors as assigned by the Company to take care of, provide services, or manage the Personal Data in respect of, such as improvement or maintenance of safety standards of work system and information technology system, payment system, auditing, human resource administration, or any other services which may be beneficial to the Data Subject.
5. Disclosure for the exercise of the Company’s claim or the waiver of defense, litigation, litigation by contract or by law or related to legal process. 
6. Transfer, transmission and/or sending of the Personal Data to any foreign countries

 

7. Disclosure of the Guidelines

 

8. Rights of the Data Subject

1. Access the Personal Data and request to obtain a copy of the Personal Data;
2. Request an amendment or change the Personal Data to be correct, complete and up-to-date;
3. Request a suspension of use or Processing of the Personal Data;
4. Request to delete, destroy the Personal Data, or make the Personal Data non-personally identifiable;
5. Request that the acquisition of the Personal Data to which they have not granted their consent be disclosed;
6. Object to the collection, use or disclosure of the Personal Data;
7. Withdraw the consent;
8. File a complaint with any relevant individuals or agencies in the event of the Company’s non-compliance with law.   

 

9. Data Protection Officer

 

10. Individuals’ Responsibilities for the Personal Data

 

11. Cookies and Cache File
    1. Cookies are small text files with data stored and sent to the Data Subject’s computer in order to allow the Company to record information about the Data Subject’s usage. The Company only uses the Cookies to store information that may be useful to the Data Subject when the Data Subject returns to visit the Company’s website by using the same computer, and the Cookies will be sent to the Data Subject’s computer by the system when the Data Subject logs in without identification and password multiple times, and the Cookies will expire immediately when the Data Subject logs out, deletes the Cookies, or no longer allows the Cookies.
    2. If the Data Subject connects to the Company’s website using other mobile devices, usage data may be collected and saved in the Cache File format or a portion of data may be kept repeatedly on the computer for next usage without having to retrieve data from the source in order to speed up execution.
    3. In the case of data stored in the form of Cookies or Cache Files, the Company has no control over, collection of, or access to such Cookies or Cache Files.       
    4. Deactivated Cookies may limit the Data Subject’s ability to use some services. In this regard, the Company will use the saved or collected Cookies for use in statistical analysis or other activities of the Company in order to further improve the Company’s service quality.

 

12. Period for Collection, Use or Disclosure of the Personal Data

 

13. Amendment to the Guidelines

These Guidelines for Personal Data Protection shall be effective from June 1, 2022 onwards.
 

Privacy Notice Bangkok Expressway and Metro Public Company Limited’s Website Privacy Notice
Bangkok Expressway and Metro Public Company Limited (the “Company”) has prepared this Privacy Notice to establish details on management of personal data of all service users who access the service via the Company’s website at www.bemplc.co.th (the “website”). This Privacy Notice is promulgated on November 1, 2018.

Collection of Personal Data 
For the convenience of using services via the website, the Company has therefore collected service users’ personal data.  To that aim, service users may be required to fill in the necessary information during membership registration, namely: email, name, gender, date of birth, phone number, ID Card Number, and Postal address (depending on the service used).

Furthermore, the Company is required to automatically collect data about services users’ website browsing history, such as IP Address, Browser Type, Domain Name, Access Times, etc., in order to investigate the popularity of the service, statistics from which will be useful for improving the service quality.

Use of Personal Data
Your personal data will only be used by the Company for the purpose of contact, public relations, provision of information and news, including opinion poll on the Company’s activities.

The Company hereby certifies that the Company will in no way use your personal data collected by the Company for commercial purposes or dissemination to any third parties without your consent, unless there is a court order or a request to divulge data by virtue of law, for example, a request for data for the purpose of litigation or legal action, and so forth; there is a law or any government agency or an authority to issue rules and regulations for their enforcement within such jurisdiction requiring to disclose such data.

Right to Personal Data Protection
You have the right to refuse to disclose your personal data at all times.  As a result, this may preclude you from accessing certain content and from receiving benefits of the Company.  You can inform us at www.bemplc.co.th or contact the Company if you intend not to disclose your personal data or not to receive any information or marketing materials from the Company.

Personal Data Security
For the benefit of confidentiality and security of your personal data, the Company has then established the right to access or use your personal data by providing a secure communication channel for personal data by encrypting such data (Secure Socket Layer).  In this regard, the Company will not be liable for any damages resulting from your disclosure of your personal data available on this website to any third parties or from your failure to properly log out from the system after use.

Privacy Notice Update
The Company may update or revise this Privacy Notice without prior notice.  To ensure the appropriateness and efficiency of the service, service users are recommended to read the lastest Privacy Notice each time their access to or use of the service from the website at www.bemplc.co.th.

Company Contact 
    If any Data Subjects have further inquiries, please contact the Company at :
Bangkok Expressway and Metro Public Company Limited

    Expressway Business : 238/7 Asoke-Din Daeng Road, Bang Kapi, Huai Khwang, Bangkok 10310, Tel. (02) 641 4611
    Metro Business : 189 Rama IX Road, Huai Khwang, Huai Khwang, Bangkok 10310, Tel. (02) 624 5200
    Email Address : DPO@bemplc.co.th