Indorama Ventures Public Company Limited and its affiliates and subsidiaries (referred to as “Company”, “we,” “us,” and/or “our group”) as a vendor providing goods or services to you, or as a customer purchasing goods or services from you, or as the provider of our online and mobile resources visited or used by you, inform you through this Privacy Policy regarding our collection and processing of your Personal Data. We use the words “you” and “your” in the Privacy Policy to refer to both employees and contractors of our customers and vendors, shareholders as well as to visitors and users of our online and mobile resources, whose Personal Data is collected and processed by us as the data controller.

Clause 1 Announcement Name and Effectiveness

This Indorama Ventures Public Company Limited Privacy Policy, hereafter “Privacy Policy”, shall become fully effective from the date of announcement.

Clause 2 Definitions

“Personal Data” means any information relating to a natural person, which enables the identification of such individual, whether directly or indirectly.

“Sensitive Personal Data” means Personal Data pertaining to racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual orientation, criminal records, health, disability, trade union membership, genetic data, and biometric data such as fingerprints or facial recognition.

“Processing, Process or Processed” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combining, restriction, erasure or destruction, or inferences drawn from personal data to create a profile reflecting preferences and characteristics.

“Personal Data Protection Law” means all laws, regulations, and other legal requirements, including but not limited to Thailand’s Personal Data Protection Act, B.E. 2562 (2019), the European Union’s General Data Protection Regulation (GDPR), the California Privacy Rights Act (CPRA), and any sub-regulations, official guidelines and regulatory interpretations thereof, as applicable to the Processing of the Personal Data (as amended and/or replaced from time to time).

Clause 3 Types of Personal Data that may be Processed

We may, directly or indirectly from you, or from other sources such as our business partners, depending on the context of your interactions with us, Process the following types of information, which may include your Personal Data:

3.1 Personal details i.e., your title, full name, occupation, date of birth, company’s title position, working information (e.g. type of organization, workplace, position, department, the company at which you are working or holding shares), age, nationality, marriage status, photograph, image, voice and telephone recording, signature, CCTV records, shareholding percentage, complaints, your comments on our goods and services and inquiries via social media;

3.2 Contact information i.e., address defined in the identification card, current address, business address, postal address, telephone number, business number, mobile number, fax number, email address, postal number, social media account (i.e., Line and WhatsApp), channels you use and ways you interact with us as well as other communication information;

3.3 Information for identity verification from official documents i.e., national identification number, passport number, tax identification number, social security number, information from your driving license, company’s affidavit (which includes director’s name) or any similar identifiers;

3.4 Behavioral data: i.e. data supplied through the use of our online and mobile resources;

3.5 Technical Information in relation to our online and mobile resources: Internet Protocol (IP) address, web beacon, log, device ID, GPS location, device model and type, network, connection details, access details, Single Sign On (SSO) access information, access time, time spent on our page, cookies, login data, search history, browsing details, browser type and version, time zone setting and location, browser plug-in type and version, operating system and platform and other technology on devices you use to access the platform;

3.6 Marketing and communications channel details i.e., your preferences in receiving marketing information from us, including your preferences on communication channel or format for our goods and services, information of your interaction with us, other communication channel preferences, contact details and marketing data (i.e., the information supplied through surveys, polls, comment request forms or researching activities);

3.7 Profile details i.e., account identifier, username, and password, PIN ID code for sale of our products, goods and services;

3.8 Usage details i.e., information on how you browse or use our online and mobile resources, goods and services, methods you use to interact with our advertisements (including content viewed, links clicked and other usage details);

3.9 Relation management information i.e., account name, transaction history, relationship history including your details regarding interactions with us, such as information you provided to us as specified in a contract, registration data, your signature, meeting records, application information, poll, research or information collected during your participation in our business activities, seminar, training or social activities.

If you provide Personal Data of any third party (e.g., your emergency contact person, spouse, parent, descendant, relative, child, employer, agent, beneficiary or reference person, or employer, shareholder, director or relevant person to your organization), you must ensure that you have the right and/or authority to provide such person’s Personal Data and you are authorizing us to use such Personal Data in accordance with this Privacy Policy. In such a case you are responsible for notifying each person of this Privacy Policy and/or for obtaining consent from each person (if necessary) and/or for any other legal basis based on which you are authorizing us to process this Personal Data.

Clause 4 Legal Grounds and Purposes

We collect, use, and disclose your personal data only when there is a lawful basis. This includes situations where we collect, use, or disclose your personal data on legitimate grounds, such as legal obligations, the performance of a contract you have entered into with us, our legitimate interests, your consent, and other lawful bases available under applicable Personal Data Protection Laws. The legal bases and purposes based on which we may Process your personal data are set out below:

4.1 To take steps at your request prior to entering into a contract or for the performance of a contract:

  • sign-up, enrollment or registration of any kind with the Company;
  • procurement or sales of goods and services;
  • providing or receiving goods or services;
  • performance of obligations in relation to financial transactions with the Company; and
  • administration of contractual relationships and contract management.

4.2 Compliance with legal obligations

  • compliance with existing and future laws or regulations applicable to the Company such as Public Limited Companies law, securities and exchange law, tax law, labour law and electronic transaction laws; and
  • compliance with lawful orders of relevant government authorities, regulators or authorized officers.

4.3 Legitimate Interest

  • verification and authentication of your identity;
  • satisfaction surveys and assessments of the products and/or services of the Company;
  • research and development as well as improvement of quality of products, operations, services, and related activities and businesses of the Company;
  • analysing and monitoring of services and investigating usage problems;
  • access control and security controls in and outside of the buildings, premises, areas and production units including information and IT systems of the Company;
  • risk management and prevention thereof, including internal and external audits of the Company;
  • commencement and exercise of legal claims or legal actions and related proceedings;
  • participation of and arrangement of activities or events of the Company;
  • administration of complaints, suggestions, or requests;
  • fraud detection: to verify your identity and to conduct legal and other regulatory compliance checks (for example, to comply with anti-money laundering regulations and prevention of fraud). This includes performing sanction list checking, internal audits and records, asset management, and other business controls;
  • training management: to conduct training activities both in physical and in e-learning formats and/or to issue a certificate of training participation to you;
  • protecting our interests and related persons: to protect our legitimate interests such as protecting the security and integrity of our business, including detecting and preventing misconduct within our premises, which includes the use of CCTV; following up on incidents; preventing as well as reporting crimes;
  • communications and contacting you: to contact, coordinate, provide services, publicize, share notices and newsletters;
  • marketing and communications: to provide marketing and communications, sales, promotions, special offers and discounts related to our goods and services; and
  • disclosing information within our Group of companies: such as our affiliates or subsidiaries and/or our trusted contractors inside or outside Thailand.

4.4 Consent of the Data Subject

  • communication of activities, news and public relations;
  • creating databases for analytics purposes as well as research and development of products and services of the Company, or of relevant sales representatives or partners;
  • when processing sensitive data; and
  • in case of a minor, incompetent or quasi-incompetent person requiring consent, as applicable, from his/her parent, guardian, or curator (see section 11 below).

Clause 5 Retention

5.1 We need to retain and store your Personal Data as long as necessary to fulfill the purposes for which it was collected, or to comply with legal, regulatory and internal requirements, as reflected in our retention policies.

5.2 For the purposes of defending and protecting the legitimate rights of the Company, without causing an excessive impact on your rights, we reserve the right to retain Personal Data in line with the statute of limitation under applicable law.

Clause 6 Disclosure of your Personal Data

6.1 We may use other companies, agents or contractors to perform services on behalf of or to assist with the provision of products, goods or services to you. We may share your Personal Data with such service providers or third-party suppliers. The disclosure of your Personal Data to these third parties shall be done only on a contractual and a need-to-know basis.

6.2 Furthermore, we may share your Personal Data with any third party involved in the organizational restructuring, merger and acquisition, sale, joint venture, assignment, transfer, or any form of distribution of all or part of the Company’s business, assets, or stock, both during an offering and committed phases; or in an insolvency or any similar process; provided that the disclosure of your Personal Data in such circumstances shall be done only on the need-to-know basis and pursuant to a data processing agreement entered into and between the Company and such third party. Those assignees shall in respect to your Personal Data comply with the limitations set out in this Privacy Policy.

6.3 The Company may disclose your Personal Data to governmental or regulatory authorities, including revenue and tax authorities, courts and dispute resolution tribunals or any other government authorities that the Company may be subject to, in case such disclosure is required to comply with orders from such authorities, or to defend the Company’s rights, the rights of third parties, individuals’ personal safety, or to detect, prevent or address fraud, security, or safety issues.

6.4 We may disclose and/or transfer your Personal Data to companies that we have partnered with to use, provide, buy, offer, or enhance our products, goods and services.

6.5 Furthermore we may share your Personal Data with other persons or parties if you have given explicit consent to us to share your Personal Data with these parties.

Clause 7 Your Rights as the Data Subject

The Company assures your statutory rights regarding your Personal Data as follows. You have the right to:

7.1 request information regarding the Company’s Processing activities with your Personal Data as well as access to your Personal Data. In such a case our response may e.g. include the following information about our Processing activities with your Personal Data: categories and types of Personal Data; sources from which it was collected; purposes for which it was used and shared, as well as the categories of third party recipients.

7.2 rectification of your Personal Data;

7.3 request portability of your Personal Data to other data controllers, by way of automatic tools or equipment in a format that is readable or commonly used;

7.4 request for the deletion or de-identification of your Personal Data, for example when your Personal Data is no longer necessary to be processed or when you have withdrawn your consent for the applicable processing activity;

7.5 request the Company to temporarily restrict the use of your Personal Data in certain cases, for example in case you have a dispute with the Company regarding the Company’s processing of your Personal Data;

7.6 at any time, withdraw the consent that you have given to the Company for collection, use and disclosure of your Personal Data;

7.7 lodge a complaint to the competent authority if you believe that the Company does not comply with Personal Data Protection Laws in relation to your Personal Data;

7.8 If your Personal Data is subject to the CPRA, this Privacy Policy provides the information as set out under 7.1 above about our Processing activities with your Personal Data in the previous 12 months. Furthermore, we confirm we have not sold or shared (as defined in the CPRA) your Personal Data for purposes of cross-context behavioral advertising; and that you have the right to be free from unlawful discrimination for exercising your rights under the CPRA.

7.9 If you submit a complete and accurate request to exercise your individual rights under applicable Personal Data Protection Law, the Company will, after identification, respond to your request within the timeframes set out under applicable law. In some cases, we may not be able to honor your request. For example, we will not honor your request if we are not able to verify your identity or if we cannot verify that you have the authority to make a request on behalf of another individual. Additionally, we will not honor your request where an exception applies, for example if the disclosure of Personal Data would adversely affect the rights and freedoms of other individuals, or where the Personal Data that we hold about you is not subject to the individual rights under applicable Personal Data Protection Laws.

Clause 8 Cookies and how they are used

If you visit our website www.indoramaventures.com, we will gather certain information automatically from you. For more information about the collection of cookies on our website please visit our cookie policy at https://www.indoramaventures.com/en/cookies-policy.

Clause 9 Security Measures

We maintain appropriate security measures for Personal Data, which cover administrative, technical and physical safeguards in relation to access control to protect the confidentiality, integrity and availability of Personal Data against any accidental or unlawful or unauthorized loss, access, use, alteration, correction or disclosure of Personal Data, in compliance with the applicable Personal Data Protection laws.

We have implemented access control measures that are secured and suitable for our collection, use and disclosure of Personal Data. We for example restrict access to Personal Data as well as storage and processing equipment by imposing access rights or permissions, user access management to permit access only by authorized personnel, and user responsibilities to prevent unauthorized access, disclosure, perception or unlawful duplication of Personal Data or theft of devices used to store and process Personal Data. This includes methods enabling the re-examination in relation to access, alteration, erasure or transfer of Personal Data which are in line with methods and channels to collect, use or disclose Personal Data.

Clause 10 Privacy Management Plan

Except for our legal duty to maintain the Security Measures, we disclaim any liability for security incidents to the maximum extent allowed by law. We cannot guarantee the absolute security of your Personal Data against unauthorized access, loss, or accidental destruction. However, our Security Measures include specific incident response and management procedures that activate when we become aware of a potential compromise of your Personal Data. These procedures include mechanisms for notifying affected data subjects within legal timeframes and providing necessary mitigation and protection services, such as credit monitoring and ID theft insurance. We also require you and other business partners to notify us immediately if they believe an incident affecting our Personal Data has occurred.

Clause 11 Minors Policy

We will not knowingly collect the Personal Data of minors under 16 years old (e.g. our online and mobile resources are not intended for, let alone targeted at minors) and do not allow such persons to register for and use goods or services without obtaining parental consent or without relying on any other legal bases. We may need to cease providing goods or services to these persons if we become aware that the consent and Personal Data were collected incorrectly and illegally, unless we can rely on other legal bases other than consent.

Clause 12 International Transfers

The Company operates globally. This means Personal Data collected may be stored and processed (transferred) outside of the country or region where it was initially collected. We protect your Personal Data in accordance with this Privacy Policy wherever it is processed and take appropriate contractual or other steps to protect it under applicable laws. For data transfers to countries that provide a lower level of protection for Personal Data than the country where your Personal Data was collected, these steps for example include use of the European Commission's Standard Contractual Clauses or equivalent contractual clauses (e.g. approved or issued by regulators in other jurisdictions), where needed, along with supplementary measures.

Clause 13 Updates

We periodically review and may modify this Privacy Policy. If we make modifications, we will continue to uphold our commitment to keeping your Personal Data secure and our Processing compliant with applicable Personal Data Protection Laws. Where we determine that such a change materially impacts on your privacy rights, we will take steps to provide additional notice.

Contact us

Indorama Ventures Public Company Limited

Address: 75/102 Ocean Tower 2, 37th Floor, Sukhumvit 19 Alley (Wattana), Asoke Road, North Klongtoey Sub-district, Wattana District, Bangkok 10110, Thailand

Contact channel: Tel : +66 (0) 2661 6661, Fax : +66 (0) 2661 6664-5

Data Protection Officer

Contact channel: dpo@indorama.net

Last updated in June 2024