POLICY

We, Suntory PepsiCo Beverage (Thailand) Company Limited, care about your privacy and are committed to respect them to the best of our ability. This privacy policy describes how, what and why we collect, use, disclose or process your Personal Identifiable Information (“Data”), your rights relating to your Data, how long we retain your Data, what steps we will take to make sure your Data stays private and secure, who we disclose your Data to, and how to contact us.

This privacy policy is in line with the Personal Data Protection Act, B.E. 2562, widely known as the PDPA, and other related laws. We will notify you if there are any changes to our purpose of processing your Data to ensure compliance with the PDPA.

Please note that some of the links on our platform may lead to third party’s platforms, and if you access these platforms, your personal data will then be processed under the third party’s policies. Make sure that you have read and are satisfied with those privacy policies when accessing such platforms.

Process or processing means any operation or set of operations which is performed on Data, including the collection, use, or disclosure of the Data.

Sensitive Data means a special category of personal data under the PDPA consisting of racial or ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behaviour, criminal records, health data or disability condition, trade union information, genetic data and biometric data.

1.How we collect and use your Data
We only collect and use your general Data where it is necessary or there is a lawful basis for collecting and using it. These reasons include:

1. to prepare historical documents or archives for the public interest, or in relation to research or statistics;
2. believing that the use of your general and/or sensitive Data is of vital interest or to prevent or avoid danger to a person’s life, body or health;
3. believing that the use of your general Data is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;
4. believing that the use of your general Data is necessary for the performance of our task carried out in the public interest or in the exercise of official authority vested in us;
5. believing that the use of your general Data is necessary for the legitimate interests pursued by us or by a third party (e.g. ensuring security and business continuity, providing high standard services, improving our products and services and undertaking product development), unless the interests are overridden by your interests or fundamental rights and freedoms;
6. believing that the use of your general and/or sensitive Data is necessary for compliance with a legal obligation to which we are subject.

Apart from the mentioned lawful basis, we may process your general and sensitive Data on the ground of consent. If we need to ask for your consent, we will make it clear what we are asking for and ask you to confirm your choice to give us that consent. If we cannot provide a service or product without your consent to process your general and sensitive Data, we will make this clear when we ask for your consent.

In general, the reasons for processing your Data are as follows:

1.1. Our contract with you
We will process your general Data in accordance with the agreement between you and us, which may include the following reasons:

1. Executing an agreement for business operation of the company including but not limited to a beverage supply agreement, a distribution agreement, an equipment leasing agreement, an employment agreement, a sale and purchase agreement, a service agreement, a purchase order, a non-disclosure agreement, a letter of intent, a memorandum of understanding, a letter of indemnity, and etc.;
2. Exercising rights or performing obligations under an agreement including but not limited to a beverage supply agreement, a distribution agreement, an equipment leasing agreement, an employment agreement, a sale and purchase agreement, a service agreement, a purchase order, a non-disclosure agreement, a letter of intent, a memorandum of understanding, a letter of indemnity, and etc.;
3. Receiving orders, delivering our products and/or services, ensuring consumers’ and customers’ satisfaction of our products and services as well as providing business support to our business partners including distributors for resale of our products to secondary customers and end consumers through any channels including online, offline, telesales, etc.; and
4. Participating in activities organised by, co-organized by, or on behalf of us for promoting our products, consumer or customer promotion, consumer research, sales activation, brands building, events organized by others with our sponsorship e.g. lucky draw activity, Pepsi Fanclub activity, Pepsi Promotion activity, running activity, Gatorade 5v5.

1.2. Our legitimate interests
We rely on the legitimate interests basis by balancing the nature of your general Data that we process with the normal reasonable expectations and provide safeguards to reduce any negative impacts on your fundamental rights and freedoms. This may include processing your general Data to:

1. process the recruitment and provide job offers to candidates;
2. approach for vendor selection process, third party due diligence process, and procure supply and/or services;
3. receive complaints, proceed for investigate claims, connect to report the results of claims, compensation or complimentary distribution, report for internal use and make public communications;
4. ensure security and safety of persons and properties in our responsibility;
5. engage and communicate business transactions, engage in marketing and selling our products, promotions, campaign, activities, events, lucky draw and activations as well as provide business support to our business partners including distributors, agencies including report for internal use and make public communications;
6. monitor sales performance, market analysis, production plan, sale and marketing strategy and planning as well as seeking for new route to market or distribution channels, conduct market research, consumer’s behaviour analysis, report for internal use and do telesales;
7. process training to our business partners, distributors, and others;
8. conduct vendor selection, bidding, and third party due diligence (TPDD);
9. connect to third party and competent authorities for tax and privilege purpose from sales, marketing and consumers activities including business operations activities provide the equipment support as well as the maintenance service to the equipment including provide the products knowledge;
10. Investigate suspected misconduct activities reported by or against you or third party via Speak-Up including investigation of witness to the misconduct activities;
11. establish, comply, exercise or defend legal claims against you including initiate litigation action.

1.3. Our legal obligation
We are regulated by many laws and regulations, and to fulfil our legal requirements, it is necessary to collect and process your general and/or sensitive Data for the purposes of compliance with laws and regulatory obligations e.g. Labour Protection Act, B.E. 2541, Social Security Act, B.E. 2533, Workmen's Compensation Act, B.E. 2537, Consumer Protection Act, B.E. 2522, Liability for Damage Arising from Unsafe Products, B.E. 2551, Revenue Code, Anti-Money Laundering Act, B.E. 2542.

1.4. Our legal claims
We may rely on the legal claims basis to process your sensitive Data to establish, comply, exercise or defend legal claims against you or initiate litigation action to protect our interests.

1.5. Consent
Normally, we will not process your general and sensitive Data if we do not have any legal basis to do so. However, in some cases we will ask your consent to collect, use, disclose or process your general and sensitive Data. This may include processing of your general and sensitive Data under the following circumstances:

1. We intend to collect, use, disclose, transfer or process your general or sensitive Data for our business operation;
2. We intend to collect, use, disclose, transfer or process your general or sensitive Data received transfer from others for our business operation;
3. We intend to transfer your general or sensitive Data overseas and the destination country has lesser data privacy standards; and
4. When the data subject is classified as a minor, quasi-incompetent or incompetent of which the consent will be requested from their legal representatives, guardians or curators, as the case may be.

We will send you relevant marketing information including details of products provided by us, our affiliates, or business partners which we believe you will be interested in, by mail, phone, email, text and other forms of communication. If you change your mind about how you would like us to contact you or you no longer wish to receive this information, you can tell us anytime by following our withdrawal process.

2. Informing you of our collection of all your Data
Sometimes it is not necessary for us to inform you about Data collection, such as when:

1. you are aware of such new purposes or details;
2. we believe that notice of such new purposes or the details of the Data are impossible or will obstruct the use or disclosure of your Data, in particular for scientific, historical, or statistical research purposes, where we will take suitable measures to protect your rights, freedoms and interests;
3. it is urgent to use or disclose your Data as required by law and we will implement suitable measures to protect your interest; or
4. we are aware of or acquire your Data from our duty, occupation or profession, and we will maintain new purposes or certain Data details with confidentiality as required by law.

3. Sources of all your Data
Normally, we will collect your Data directly from you, but sometimes we may get it from other sources, in which case we will ensure that our sources of your Data comply with the PDPA.

Data we collect from other sources may include:
All your Data collected from our candidates, employees, third parties (e.g. hospitals, the Royal Thai Police, business partners) or publicly available sources.

4.Your rights
PDPA aims to give you more control of your Data. You have legal rights concerning your Data. These rights include:

Right to access
You have a right to get access and obtain a copy of your Data that we hold about you, or you may ask us to disclose the sources of where we obtained your Data that you have not given consent.

Right to data portability
You have a right to request us to transfer your Data to other persons/organizations, or request to see the Data that we have transferred to other persons/organizations, unless it is impossible due to technical circumstances.

Right to object to the processing of your Data
You have the right to object to the processing of your Data, unless there are circumstances that do not allow you to make the objection. This may include when we have compelling legitimate grounds or when the processing of your Data is carried out to comply, exercise or defend legal claims or for our public interest.

Right to erasure
You have a right to request us to delete, destroy or anonymise your Data in the following circumstances where:
1. The Data is no longer necessary for the purpose of which it was collected, used or disclosed;
2. You have withdrawn your consent to which the collection, used or disclosure is based on and we do not have legal grounds to collect, use or disclose the Data;
3. You have objected to the collection, use or disclosure of the Data and we do not have legal grounds to reject such request; and/or
4. When the Data has been unlawfully collected, used or disclosed under the PDPA.


Right to restrict the processing of your Data
You have a right to request us to restrict the processing of your Data in the following circumstances when:

1. It is under the pending examination process of checking whether the Data is accurate, up-to-date, complete and not misleading or not;
2. It is the Data that should be deleted or destroyed as it does not comply with the law and you request to restrict it instead;
3. The Data is no longer necessary to retain for the purpose of which it was collected, used or disclosed, but you still have the necessity to request the retention for the purposes of the establishment, compliance, exercise of legal claims or the defense of legal claims;
4. We are pending verification in order to reject the objection request to the collection, used or disclosure of Data.


Right to rectification
You have a right to rectify inaccurate Data in order to make it accurate, up-to-date, complete and not misleading. If we reject your request, we will record such rejection with reasons.

Right to lodge a complaint
You will have the right to make a complaint in the case of where we, our data processors including our employees or contractors do not comply with the PDPA or other announcements of the PDPA.

Right to withdraw consent
You may withdraw your consent at any time, unless we have lawful basis to deny your request.

5. Retention period of Data
The period we keep your Data is often linked to the prescription period and law enforcement period under the laws, which in many cases is up to 5, 7 or 10 years. We will keep your Data after this time if we must do so to comply with the legal obligation, or if some existing claims or complaints will reasonably require us to keep your Data, or for regulatory or technical reasons. If we do need to keep your Data for a longer period, we will continue to protect that Data.

We may need to retain images and video clips from CCTV surveillance systems installed for security and safety of persons within our premises for 45 days.

We may need to retain your collected personal data for 10 years after the completion of the investigation of misconduct activities reported under the Speak-Up, customers’/consumers’ complaint, or the third party due diligence (TPDD) process.

6. Security
We use a range of measures to keep your Data safe and secure which may include encryption and other forms of security. We require our staff and any third parties to comply with appropriate privacy standards including obligations to protect any Data and applying appropriate measures for the use and transfer of Data.

7. How we share your Data
We may provide your Data to the following parties on a need-to-know basis in certain circumstances:

1. Business partners, including (i) our group or affiliated companies and (ii) other persons or entities that we have an agreement with.
2. Suppliers, agents and other external auditors, system located overseas where the disclosure of such Data has a specific purpose and legal basis, as well as appropriate security measures.
3. Third parties providing services to us, such as market analysis and subcontractors acting on our behalf.
4. Social media companies (in a secure format) or other third-party advertisers so they can display relevant messages to you and others on our behalf about our products. Third-party advertisers may also use Data about your previous web activity to tailor adverts what are displayed to you.
5. Requirement for a proposed sale, reorganisation, transfer, financial arrangement, asset disposal or other transaction relating to our business and/or assets held by our business.
6. Requirement under the laws and other relevant regulations, court order or other authorities.

8. How to contact us
If you have any comments, suggestions, questions or want to make a complaint or exercise your rights regarding your Data, please contact us at No.88 The PARQ Building, 15th floor, Ratchadaphisek Road, Klongtoey, Klongtoey, Bangkok 10110 or Tel: (+66)2610 2500 or visit our website at https://www.suntorypepsico.co.th/ .

9. Changes to this Privacy Policy
We reserve the right to change, amend or update the privacy policy at any time as we deem appropriate by notifying you of the said change, amendment or update. We will notify the changes on our website https://www.suntorypepsico.co.th/ in which you can check at any time.