Privacy Notice for Customer
Last update date: July 18, 2023
Ford Sales and Service (Thailand) Co., Ltd. (the "Company", "we", or "us") respects your privacy. This privacy notice for customers (the "Notice") describes how we collect, use, and/or disclose personally identifiable information ("Personal Data"), both that provided by you and received by us from other sources. This Notice applies to persons whom we interact with in the course of our business. They include, but are not limited to:
(1) individual customers (both past and current), and prospective customers;
(2) authorized persons, directors, shareholders, employees, personnel, persons authorized to foster business relationships, and any other persons with the same status, including the contact persons of corporate clients ("Related Parties");
(3) website and application users; and
(4) other persons, e.g., visitors, participants in company events, government officials, and mass media staff.
This Notice will also apply to other persons who are related to the aforementioned persons and whose Personal Data is received by us from the aforementioned persons (hereinafter referred to as the "customer", "you" or "your")
All the use of Personal Data prescribed under this Notice will be in line with laws, including the Personal Data Protection Act, B.E. 2562 (2019) and the Company's policies and operational procedures in force at that time.
Authorized Ford Dealers ("Dealers") are independent entities and not related to the Company and may have privacy policies which differ from ours. Dealers are responsible for their own privacy policies and privacy practices. Please contact your Dealer directly for further information. If you wish to unsubscribe from receiving direct marketing communication from the Dealer, please contact the Dealer directly.
If you drive a Ford Connected Vehicle, please carefully read the Ford Connected Vehicle Terms and Privacy Policy at www.ford.co.th/owner/fordpass.
If you use the FordPass App, please carefully read the FordPass Terms and Privacy Policy at www.ford.co.th/owner/fordpass.
Terms used in this Notice
· "Personally Identifiable Information" or "Personal Data" refers to the types of Personal Data that will be mentioned below.
· "Processing" means collection, storage, execution, use, correction, alteration, transfer, disclosure, or handling by other means.
Types of Personal Data we collect
The types of your Personal Data being processed by us may vary according to the nature of the contract, business relationship, and interactions you have with us. We may receive Personal Data from a variety of means, including direct collection from you (such as via email or telephone, at the Company's website, application, online sales (eCommerce), online service appointment systems, in-vehicle technology devices (such as SYNC data and problem analysis systems), car pick-up and drop-off service, the Company's office, customer service centers, online social media, competitions or promotional events, or when you conduct any business with or interact with us) or the acquisition from other sources, (such as Dealer from whom you purchase products or services, affiliates or joint ventures, external service providers (such as market research providers), business partners, other third parties (such as complainants), government agencies (such as the Department of Business Development, the Revenue Department, the Department of Provincial Administration, the Royal Thai Police, the Anti-Money Laundering Office, the Legal Execution Department, and courts), and/or public data sources. Personal Data may include information of the following types.
· General information and contact information, e.g., prefix, name-surname, photo, signature, age, date of birth, gender, marital status, address, email address, telephone number, fax number, social media account name, and/or other information you chose to disclose to us that may be considered Personal Data.
· Personally Identifiable Information contained in documents issued by government agencies, including copies of those documents, e.g., national identification cards, driver's licenses, passports, visas, residence permits, work permits, house registration, car or other vehicle registration, social security number, and taxpayer identification numbers.
· Your vehicle's information, e.g., license plate, model name, car color, date of purchase, chassis number, engine number
· Information appearing in corporate documents, e.g., shareholder registration books, corporate registration certificates, memoranda of association, VAT registration certificates, and VAT certificates (Phor Phor 20 forms).
· Financial information and information supporting the execution of a contract, e.g., information regarding bank accounts, payment information (such as dates of payment, payment methods, and payment currency), invoice information, taxpayer identification numbers, information regarding tax withholding, information regarding financial status (such as information on financial status certificates, credit information, bank statement, bankruptcy status, source of income, fixed assets, expenditures and debts), level of education, employment information, (such as position, department, occupation, and expertise), qualification, results of background checks undertaken before entering into any contract or agreement with customer, identification numbers of corporate clients, types of corporate clients.
· Relationship information between you and the Company, e.g., the Company's products or services that you used, are using or are interested in, channels and methods of interaction with the Company, transaction information, transaction history and/or other contractual details or business relationship that you have with the Company, any other information used to determine which products or services are suitable for customers' needs, profiling result, history of product or service offerings.
· Information regarding surveillance for safety, e.g., stills, moving images, sounds from CCTV, system access information, building access, information system code and the right to access the Company's information system, and electronic data generated by your use of the system.
· Information regarding the use of the website, application, and device, e.g., the serial number of the computer used by customers, the name of the customers' internet service providers, customers' browser versions, the website that transfers the customers' information to the Company, the website referring to the Company, and the next website that customers go to, the webpages visited by customers, the date and time of the visit and use of the website, other information about the use of the website and applications, the country in which customers are located, cookies and other tracking technologies information (e.g. Pixel Tags, Web Beacons and Java Code, username, password, computer logs, GPS information, application ID, MAC address, media access control information, computer traffic information, operating system and platform and other technologies on the device used to access the website or application).
· Other information e.g., information on communications between customers and the Company, information regarding communications between customers and Dealers, (e.g., the type of car purchased by the customer and the history of car changing or repairing), survey results, complaints, litigation, disciplinary investigations, event attendance details, any other information appearing on documents relating to the Company's business management, information that customers ask the Company to disclose, other Personal Data that customers voluntarily provide to the Company or that the Company obtain from any third-party person or entity for operating the Company's business, for complying with legal or contractual provisions, or for conducting any other businesses of the Company, information or history regarding the commission of an offense (e.g., complaints, investigation data, fraud information, offense).
· Information about relevant persons, e.g. employee, directors, and shareholders of any company relating to you.
· Sensitive Personal Data includes:
· Sensitive Personal Data that is contained in documents issued by government agencies that the Company may separately request your consent, from time to time, where the Company cannot rely on other legal bases.
If we receive information about third-party persons (e.g., information about employees, directors, and shareholders of any juristic person relating to you, such as prefix, full name, photograph, signature, date of birth, gender, nationality, postal address, email address, telephone number, and certain identification numbers issued by government agencies) that you provide to us, and if those third-party persons have a business relationship with us, you should ensure that you have the right and/or authority to provide their Personal Data to us and to allow us to process their Personal Data in line with this Notice. Such provided Personal Data is accurate and complete, and you will inform the Company of any changes to such Personal Data. You are obliged to inform them of the details of this Notice and to seek their prior consent (if their consent is required) or to have another lawful basis for providing this Personal Data so that we can process their Personal Data in line with the law and this Notice.
In certain circumstances as prescribed by law, we cannot process the Personal Data of minors, quasi-incompetent persons, and incompetent persons without the consent of their holders of parental responsibilities, curators, or guardians. Therefore, if you are a person under the age of 20 and under the legal age, a quasi-incompetent person, or an incompetent person, you must ensure that you obtain the prior consent of your holder of parental responsibilities, curator, or guardian (if their consent is required). If we learn that we have unintentionally collected Personal Data from any person under the age of 20 and under the legal age, without the consent of his or her holder of parental responsibilities as required by law, or from any quasi-incompetent or incompetent person, without the consent of his or her legal curator or guardian (as the case may be), we will delete that Personal Data immediately or process that Personal Data only to the extent that we are able to rely on a lawful basis other than consent or are otherwise permitted by law.
Purposes
We can process your Personal Data for business-related purposes based on your consent, or other lawful bases other than consent as follows:
Purposes that require consent
· Communications for marketing purposes, where the Company cannot rely on other legal bases.
o We may process your Personal Data such as name, surname, personal information, contact details, and other necessary information to provide information on offers, promotions, news and information about products and services and marketing communications from us, companies in Ford Group, Dealers and/or business partners, for which we cannot rely on other legal bases.
I acknowledge that I can withdraw my consent or unsubscribe from the marketing communications by contacting Ford Call Center at 1383.
If we rely on your consent, we will request your consent from time to time.
Please note that consent refusal or consent withdrawal may prevent us from performing actions as requested by you, and may affect our contractual performance or agreements we have with you or legal entity associated with you. It may also impact your or our compliance with legal obligations in the event that such action is based on the consent you refuse to provide or you withdraw such consent.
Purposes that the Company can rely on other legal bases than consent
We may process your Personal Data using any of the following lawful bases, (1) the performance of a contract basis, for the purpose of commencing, entering, or performing a contract or an agreement with you; (2) legal compliance basis, for compliance of legal obligations by the Company; (3) the legitimate interests of the Company and/or of any third-party person basis; (4) the prevention or suppression of dangers to life, body, or the health of any person basis; (5) the public interest basis, for the purpose of carrying out missions for public interest or performing duties in exercising state power; (6) the establishment of rights or defense of legal claims basis; (7) the necessary legal compliance basis, e.g., for public health purposes; (8) disclosure of Personal Data with your explicit consent basis; and/or other lawful bases which we can rely upon under the applicable law.
The following purposes for the processing of certain types of Personal Data may or may not apply to you, based on the relationship and the type of contract or agreement you have with us.
· Prerequisite procedures and entering into a contract or agreement, e.g., providing consultation, advice, or information about products or services choices, facilitating before and after the purchase of products or services (such as test drive registration, facilitation, after-sales service), identity verification and authentication or other information, (including financial status audit, due diligence in the case of corporate customers), risk assessment, issuing quotations, entering into contracts or agreements relating to customers, recording data, disclosing information to any other person relating to the transaction.
· Communications, e.g., responding to questions or complaints, notifications, and communications related to business relationships, contracts, or agreements that the Company has with customers, including service appointments, document delivery, public relations, marketing communications that the Company can rely on legal bases other than obtaining consent.
· Products and/or services procurement, e.g., performing actions pursuant to the customer's requests, order processing, managing business relationships, event organizing, competition or sales-promotions, executing transactions or purchasing products or services, payment processing, bank account related activities, issuing invoices, payments collections, following up on debt collection, procedures and tracking on delivery, receipt or return of products or services, 24-hour emergency services and assistance (Ford Roadside Assistance), service improvement, delivery inspection, planning, executing and managing relationships and contractual rights with the customer, providing services related to product quality assurance, providing services via online system, including online sales (eCommerce), providing an online service appointment system, car pick-up and delivery service from service-centre to the appointment place, providing services through other platforms or channels on Ford website or application, following up on repairing and after-sales service by Dealers and any other support services.
· Operations by the Company, e.g., creating account or identification numbers for customers, recording of the collected information, storing contracts or agreements, managing related documents that may contain your names, enforcement of contracts and/or agreements with the Company, communication with affiliates or joint ventures, service providers, and other business partners, use of your Personal Data as evidence to support any transaction, issues or complaints solving, auditing and accounting (both internal and external), controlling the spread of and screening for communicable diseases, analysing information and preparing internal reports for the Company's benefit, including preparing report to assess the Dealers, conduct of satisfaction surveys, improvement of, research and development for the Company's products and services, including working system, business operations, marketing strategy, and risks management.
· Data analysis on customer interests or behaviour, e.g., statistical data analysis, behaviour analysis, analysis on customers group and customer interests, market trends, any other analysis that the Company made for marketing promotion or for the Company's products and services development in which the Company can rely on legal bases other than obtaining consent.
· Management of information technology (IT) systems, e.g., storing your Personal Data on IT servers efficiently, strengthening the security of IT systems, tracking the use of the Internet or the Company's website, managing the Company's website (including for statistic purpose, measuring the popularity of activities on different websites for further improvement for the visitors' maximum benefit, providing services and communications as requested by you, improving services and websites, or examining and improving the efficiency of advertising and of the use of any website on which a third party may display the Company's advertisements or other advertisements that are likely to meet your needs on the website, and presenting those advertisements based on the customers' previous visits to the Company's website and previous participation in any other online activities. You can choose to not allow your data to be used for Interest-based Advertising purposes by managing your settings on the web browser or your devices, or the preferences in your social media account settings.
· Compliance with legal obligations, e.g., complying with laws, legal proceedings, or government agency's orders, and/or cooperating with courts, regulatory agencies, government agencies, and law enforcement agencies, when we have reasonable grounds to believe that we are required to comply with the laws and/or orders, or to provide that cooperation. In this case, we may need to disclose your Personal Data in order to strictly comply with the provisions of the laws, legal proceedings, or the government's orders, and to follow the procedures of internal investigation, complaint or claim management, the investigation or prevention of crimes and frauds, and/or establishment of legal claims.
· Protection of the Company's interests, e.g., maintaining security and integrity of the Company's business, exercising the Company's rights, and protecting the Company's interests when necessary and lawful, e.g., for the purposes of detecting, preventing, and taking any action regarding any fraud or violations of law, litigation, and using CCTV cameras to monitor suspicious activities, to prevent and report crimes, and to maintain security.
· Dispute management, e.g., settling disputes, enforcing the Company's agreements, collecting witnesses and evidence, and establishing, complying, exercising, or defensing and/or taking any legal actions related to the Company's legal claims.
· Organizational restructuring, e.g., merging businesses, carrying out the sale or purchase of a business, investing in other businesses, transferring rights or ownership, disposing of businesses, disposing of assets or shares, business rehabilitation, and participating in a joint venture, whereby we may need to disclose your Personal Data to any assignee of rights as part of any such transaction.
· Prevention or suppression of dangers to the life, body, or health of any person.
· Sensitive Personal Data
o Sensitive Personal Data contained in documents issued by government agencies. For example, in the event that we receive religious information from your national identification card, we will process a copy of your national identification card for the identity verification and authentication. However, the Company has no purpose of processing such religious data.
However, in certain circumstances, the refusal to provide Personal Data to us may prevent us from preforming at your request. As a result, this may affect the performance of any contract or agreement we have with you or with a juristic person relating to you. In addition, this may also affect your or the Company's compliance of legal obligations.
Disclosure of Personal Data
Your Personal Data may be shared with our affiliates and may be disclosed to other juristic persons (such as our service providers) who provide us with Personal Data management services to the extent necessary to fulfill the abovementioned purposes. Your Personal Data will only be disclosed to others for legitimate business purposes. We may disclose your Personal Data to the following persons:
· Affiliates or joint ventures. We may need to disclose your Personal Data to affiliates and joint ventures or may allow those affiliates and joint ventures to access your Personal Data for the objectives stated above.
· Service providers of the Company. We may be required to disclose your Personal Data in order to use any services or to allow service providers to act on our behalf. We will provide your Personal Data to the extent necessary for their provision of the services and will request that those service providers not use your Personal Data for any purpose other than those agreed upon with us. Those service providers include, but are not limited to: (1) IT service providers; (2) logistics and freight service providers; (3) data analytics service providers; (4) data storage and cloud service providers; (5) document storage and shredding service providers; (6) providers of print media and document or parcel delivery services; (7) banks, financial institutions, and financial service providers; (8) survey service providers; (9) postal service providers; (10) event management service providers (including promotion events); (11) website service providers (12) debt collection service providers; (13) marketing service providers (including market trend analysis services); (14) 24-hour emergency assistance service providers; and (15) call centre service providers.
· Business Partners. We may disclose and/or transfer your Personal Data to our Business Partners (e.g., Dealers, advertising business partners, auto insurance companies, insurers (including the extended warranties)
· Persons prescribed by law. We may disclose your Personal Data to comply with applicable laws and to cooperate with government agencies and/or other law enforcement agencies when we have reasonable grounds to believe that we are required to comply with those laws and orders or to provide that cooperation.
· Consultants. We may disclose Personal Data to our consultants, including but not limited to legal consultants and/or auditors.
· Assignee of rights and/or obligations. We may undertake organizational restructuring which may require us to disclose your Personal Data to any assignee of rights and/or obligations as a result.
· Other recipients of Personal Data. We may disclose your Personal Data to other individuals or juristic persons for the purposes prescribed under this Notice. Those recipients of Personal Data may include but are not limited to individuals or juristic persons to whom you request the disclosure of Personal Data, those who request the exercise of the right to view the recorded CCTV footage, the general public, industrial agency (in the case of provision of statistical data regarding sales) and/or conduct public disclosures by any other means.
International transfer of Personal Data
We may transfer Personal Data to individuals or juristic persons located in foreign countries, such as for the purpose of storing Personal Data in the operational systems of our global affiliates, for the purpose of vehicle warranty, recalls or field service actions for safety, or for satisfactions/quality improvements, for the purpose of other assistance services by approved service providers around the world and Ford’s business partners (which is located in United States of America, United Kingdom, Germany, South Africa, Bulgaria, India, China and/or Singapore.), whereby a destination country may have more or less strict Personal Data protection standards than those in Thailand. When we need to transfer your Personal Data to any country applying less strict standards than those in Thailand, we will follow all necessary procedures and measures to assure you that appropriate protection is in place, and that the recipients of Personal Data implement the Personal Data protection standards as required by law. In certain circumstances, we may seek your prior consent for the international transfer of your Personal Data, if necessary.
Personal Data security management
We have set out appropriate Personal Data security measures as required by the applicable laws, including the Personal Data protection law, covering the collection, use, and disclosure of Personal Data, whether in hard copy, electronic files, and/or any other format. This includes organizational, technical, and physical measures, covering various components of information systems relating to the processing of Personal Data. We have taken the security requirements under the Personal Data protection law into account, in order to maintain the confidentiality, integrity, and availability of Personal Data as appropriate, based on the risk level, nature, and purpose of the Personal Data processing, as well as the likelihood and impact of a Personal Data breach. We will also control access to Personal Data and to important components of the information systems, conduct proper user access management, determine each user's duties and responsibilities, establish appropriate procedures for retroactive audits regarding access to, alteration to, correction of, or deletion of Personal Data, carry out investigations into and surveillance for threats and Personal Data breaches, conduct incident responses when threats and Personal Data breaches are detected, and remedy any damage arising from threats or Personal Data breaches. In addition, knowledge and understanding of Personal Data protection and security management are enhanced among relevant personnel. The purpose of which is in order to prevent unauthorized or unlawful loss, access to, use, alteration, modification, or disclosure of your Personal Data.
Our service providers are required to keep Personal Data confidential and to implement Personal Data protection measures, administratively, technically, and physically, as appropriate. Those service providers are not permitted to use Personal Data for any purpose other than the delivery of services to us.
Personal Data retention period
We will only store your Personal Data for the period necessary to achieve the objectives as prescribed under this Notice. We may extend the Personal Data retention period if necessary to comply with laws, regulations, and internal policies of the Company, or when any dispute arises.
Rights of a data subject
Under the provisions of the Personal Data protection law and the Company's procedures for managing a data subject's rights, you, as a data subject, are entitled to the following rights.
(1) Right to request access to Personal Data. You have the right to request access to or to obtain a copy of your Personal Data being collected, used, or disclosed by us. However, we may be unable to provide you with certain information, e.g., that protected by exclusive rights or trade secrets.
(2) Right to request the correction of Personal Data. You have the right to request that your Personal Data be corrected to be accurate, up-to-date, complete and not misleading. When you learn that your Personal Data as provided to us is incorrect or wish to update your Personal Data, you can contact us to correct it.
(3) Right to port data. You can ask us to prepare your Personal Data in an electronic format to be further transferred to other data controllers
(4) Right to object to the collection, use, or disclosure of Personal Data. You can object to the collection, use, or disclosure of Personal Data at any time to the extent permitted by applicable law.
(5) Right to request restriction of the use of Personal Data. You may request that we suspend the use of your Personal Data in certain circumstances.
(6) Right to withdraw your consent. If you previously provided consent to us for collecting, using, or disclosing your Personal Data, in certain circumstances, you can revoke that consent at any time.
(7) Right to request the deletion or destruction of Personal Data. You may request that we delete, destroy, or anonymize your Personal Data being collected, used, or disclosed by us.
(8) Right to lodge a complaint. If you deem that the Company's operations do not comply with the Personal Data Protection Act, B.E. 2562 (2019), you are entitled to lodge a complaint with the competent authority.
Your exercise of the abovementioned rights may be limited by the applicable laws and exceptions. In certain circumstances, we can lawfully reject your request, such as when we are obliged to comply with laws or court orders. However, if we reject your request, we will inform you of the reason for doing so.
We may request that the data subject provide proof of identity before performing your request to exercise the rights, and in certain circumstances, we may collect a fee for performing your request, as permitted by law.
Amendment of this Notice
We may amend or update this Notice from time to time. Please periodically check this Notice to review any amendments or updates to this Notice. Any amendment of this Notice will become effective when we publish it at www.ford.co.th/privacy-policy/. If the amendment materially affects you, we will give you notice and, when necessary and as required by law, seek your consent again.
Links to other websites
Regarding your use of the Company's website, the website may contain links to other platforms, websites, or services operated by third parties. We cannot warrant any statements or operations and will not assume any responsibility regarding the collection, use, and/or disclosure of your Personal Data by those platforms, websites, or services.
In this regard, we advise you to review the privacy notices of the platforms, websites, or services linked to the Company's website (if any) to acknowledge and understand how they collect, use, and/or disclose your Personal Data.
Cookies and other tracking technologies
The Company, our service providers and/or advertising business partners use the technologies such as "Cookies", "Pixel Tags" and "Java Code" on Ford's websites and in the emails you have received from us. The use of "Cookies", "Pixel Tags" and "Java Code" helps us monitor the effectiveness of our advertising and how visitors use the Ford websites, and generate statistics and measure website activities to improve the usefulness when you visit the website.
A "Cookies" is a small data element stored by your web browser on your computer system. When you selected, the Ford website will store your username and password in "Cookies" to enable you to log in automatically when you return.
Each time you visit Ford website, our servers may deliver certain customized information, including ads, to you based on the data stored in "Cookies". Third party vendors may show our ads on websites on the Internet and serve these ads based on a user’s prior visits to Ford website and other Internet activity. In addition, the Company, our service providers and/or advertising business partners may also use analytics data supplied by third party vendors to inform and optimize Ford ad campaigns.
Interest-based Advertising (IBA)
We may allow third-party advertising business partners, such as Facebook, to install a website usage tracking system and storage technology tools (e.g., Cookies, Web Beacons, and Pixels) on some pages of Ford website to collect information regarding your activities on the website (e.g., IP address, visited web pages, or website time visited). These third parties may use this information (and combine such information with the information collected from other websites, applications, and other digital services) to deliver advertisements that are likely to meet your needs when you use other (non-Ford) websites, applications, or digital services, and to provide measurement services. This practice is commonly referred to as " Interest-based Advertising".
You can choose to not allow your data to be used for Interest-based Advertising purposes by managing your settings on the web browser or your devices, or the preferences in your social media account settings. For example, Facebook: Facebook may use cookies, web beacons and other storage technologies to collect or receive information from Ford websites or elsewhere on the internet. Facebooks uses that information to provide measurement services and target ads. To learn more about how to opt out of Facebook Interest-Based Advertising, go to the Privacy tab on the Facebook website footer, and then select Facebook Ads Controls.
Contact us
If you wish to exercise your rights as a data subject or have any questions about your Personal Data under this Notice, please contact us by using the following contact information.
Ford Sale and Service (Thailand) Co., Ltd.
o 98 Sathorn Square Office Tower, 11th - 12th, North Sathorn Road, Silom, Bangrak, Bangkok 10500
o dpothai@ford.com
o 1383 or 1-800-225-449 (Toll Free)