Privacy and Policy


Thai Agro Fresh Co., Ltd., (referred to as “Company”) recognize the importance of personal data or other information related to you (hereinafter referred to as the, “data”) in order to ensure you that the Company is transparent and responsible for the collection, usage or disclosure of your data under the Personal Data Protection Act, B.E. 2562 (2019) (hereinafter referred to as the “PDPA”), including other relevant laws.
 Therefore, this Privacy Policy (hereinafter referred to as the “Policy”) has been prepared to clarify to you details about the collection, usage or disclosure of personal data by the Company with the essence as follows:


2.Scope of Policy 

This Policy is applied to personal data of internal person currently related to the company and may occur later, which processed by the Company, officers, contractual employees, business entities or other forms of entities operated by the company and including contracting parties. Or the third parties who process the personal data on behalf of the company (“Data Processor”) under products and services such as websites, systems, documents, and other forms of services controlled by the company (collectively referred to as “Services”).

Individuals related to the Company in the first paragraph mean

1.    Individual customers

2.    Staff or workers, employees

3.    Partners, suppliers, contractors, subcontractors, and service providers, which are natural persons.

4.    Directors, attorneys, representatives, agents, shareholders, employees or other related persons similar to the juristic persons that are related to the Company

5.    Users of products or services of the Company, whose data may be collected while contacting the Company, e.g. first name-last name, address, telephone no., and other contact details, including the records of your inquiry and responses with the Company

6.    Visitors or users of the website:, including systems, applications, devices, e.g. first name – last name, date of birth, contact details and interest, or other contact channels controlled by the Company

7.    Other persons, whose personal data are collected by the Company, such as applicants, employees’ family, guarantors, life insurance beneficiaries, etc.

No. 1) to 7) shall collectively be referred to as “you”.


In addition to this Policy, the Company may issue the Privacy Notice (hereinafter referred to as the “Notice”) for products or services of the Company in order to inform the data subjects, as the users, about the processed personal data, objectives and legitimate reasons, retention periods for the retention personal data, as well as rights to the personal data of data subjects regarding the specific products or services.

In this regard, in case of material conflicts between the Privacy Notice and this Policy, the Privacy Notice of the services shall take precedence.

3. Definitions

1. “Company” means Thai Agro Fresh Co., Ltd.

2. “Personal data” means any data about natural persons, which can identify the persons, whether directly or indirectly, but not including specific information of the deceased.

3. “Sensitive data” means any personal data stated in Article 26 of Personal Data Protection Act, B.E. 2562 (2019) that are race, ethnicity, political opinions, cult belief, religion or philosophy, sexual behavior, criminal records, health information, disability, union information, genetic information, biological information or any other information similarly affecting the data subjects, as announced by the Personal Data Protection Committee.

4. "Platform" means websites, applications, or systems that the Company used to conduct its businesses including any official accounts under other platforms including but not limited to Line, Facebook, and Facebook Messenger (as the case may be).

5. “Data subject” means any natural person, who can be identified by the data collected, used or disclosed by the Company.

6. “Client” or “Supplier” means individuals or juristic persons including one or several individuals with authority or assignments to act on behalf of juristic persons to become party to business agreements with the Company as the Client or the Supplier in order to sell goods, offer services or use services in businesses involving the Company. 

7. “Employee” means an individual who works for the Company in accordance with employment agreements made with the Company, including Employees who entered into employment agreements with the Company to work for the Company’s Clients

8. "Types of Personal Data" means data collected by the Company by legitimate methods only as necessarily for the objective of the Company as follows

·                Your identifier or data from your identification, e.g. first name – last name, age, date of birth, nationality, citizen ID card no. or passport no., or other government documents for identification, etc.

·                Your contact information, e.g. address, telephone no., E-mail, social media accounts, etc.

·                Your government document data, e.g. copies of citizen ID card, house registration, passport, birth certificate, etc.

·                Your financial data, e.g. bank account no., copy of bank passbook, credit card no., income, etc.

·                Data collected by the Company or via the automated systems in the equipment of the Company, e.g. staff ID, work permit no., images from CCTV camera, etc.

·                Your sensitive data, e.g. race, religion, disability, criminal records, biological information (finger-print simulation data, face simulation data), health information, etc.

9. “Personal data processing” means any operation related to personal data, such as collecting, recording, copying, organizing, storing, improving, modifying, using, restoring, disclosing, transmitting, distributing, transferring, including deletion or disposal, etc.

10. “Data controller” means any natural or juristic person, who has the authority to make decision about the collection, usage or disclosure of personal data.

11. “Data processor” means any natural or juristic person performing the collection, usage or disclosure of personal data by the order or in the name of the data controller, who is not the data controller.

12. "Agreement or contract document" means documents about procurement, delivery, payment, or any document about services on website including but not limited to registration data, transaction data, delivery data, etc.

13. "Law" means Acts, Royal Decrees, Royal Decrees, Ministerial Regulations, as well as rules, criteria, regulations, announcements, regulations, and regulations of competent agencies. Both currently effective and additional amendments in the future.

14. "Lawful basis for processing" means lawful basis for processing presonal data under the Personal Data Protection Act, B.E. 2562 (2019)


4. Sources of Personal Data Processed by the Company

 Data given by you to the Company, while contacting the Company, are as follows:

1.    Personal data that the Company directly collects from data subjects through the service channels, such as while applying, registering, submitting job application, signing on contracts or documents, filling surveys, using products, services or servicing channels controlled by the Company, or when the data subjects communicate with the Company at the offices or via other contact channels controlled by the Company, etc.

2.    Personal data that the Company collects while data subjects are using the website, products or services according to any agreements or missions, such as tracking usage behaviors on website, products or services of the Company using            Cookies or from software on the devices of the data subjects, etc.

3.         Information and personal data that the Company collected from other sources besides from the data subjects, which the sources have the authority and legitimate reasons, or obtain consents from the data subjects for the data disclosure to the Company, such as connection to one-stop digital services for public interest by government agencies to serve the data subjects, retrieval of personal data other government agencies as the Company is obliged to establish a center for information exchange to support operations of government agencies to serve the public via digital systems, as well as necessity to provide services with exchange personal data exchange among counterparty agencies. This also includes cases that you provide personal data of third parties to the Company, which you are responsible for informing details of this Policy or Notice of products or services, depending on the cases, to the third parties as well as request consent from them, in case that consent is required to disclose their personal data to the Company.
        In case that the data subjects refuse to provide information necessary for the services of the Company, this may prevent the Company from providing the services to data subjects, in whole or in part.


5.Peronal Data Protection

The company will preserve your personal information carefully in accordance with technical measures and administrative measures. (Organizational Measure) to maintain appropriate security in the processing of personal data. and to prevent personal data violations, loss, access, destruction, use, conversion, modification, and use of data. or disclose information outside of the intended purpose or without authority or without authority 

Before the Company collects, uses or discloses your information, the Company will first ask for your consent. By requesting consent from the Company will be done expressly Is it a book or is it done electronically?

However, you are free to give your consent to the Company’s collection, use, or disclosure of your personal information. The Company will not set conditions for giving consent in order to access services. or enter into a contract with the Company If the personal information is not necessary or relevant for entering into the contract or receiving the service.

In addition, managements, employees, contractors, agents, consultants, and recipients of information from the Company have a duty to maintain personal information in accordance with confidentiality measures established by the Company.

In the case that any owner of personal data is not yet of legal age. Considered a minor according to the Civil and Commercial Code Your consent must also be obtained from the person with parental authority who has the authority to act on your behalf. If the person giving consent is a minor under 10 years of age, consent must be sought directly from the person exercising parental authority.

In the case that any owner of personal data is an incompetent person or a quasi-incompetent person Consent must be sought from the guardian or guardian who has the authority to act on behalf of the incapacitated person or the quasi-incompetent person, as the case may be

The Company will ensure that your information is accurate, current, complete and not misleading.

6. Methods of Collection and Collected Personal Information

Method of Collection

Collected Personal Information

When you register or apply for membership registration in order to receive services from the Company.

  • Identifiable information such as name, surname, birth date, identification number.

  •  Contact information such as address for invoices, address for shipping products, email and phone number.

When you log into our website for ordering products through our website or other online channels.

  • Technical information such as username, password, interests, setting preferences, IP address, login information, browser type, browser version, time and date setting, connection setting, operation and platform system and other technology that you have used your devices to sign in into our system.

When you enter into commercial transactions and make payments. This includes the use of membership card.

  • Transaction information such as payment details, bank account, product details and other services that you bought from the Company, including the information of accessing our website and other services.

When you have participated in different events of the Company, such as taking photos when receiving prizes or where you participated in other PR events.

  •  Identifiable information such as name, surname, birth date, identification number.

  • Contact information such as address

  • Captured image or footage.

When you request for document relating to tax, such as tax invoice.

  •  Identifiable information such as name, surname, taxpayer identification number (if any)

  • Required information for issuing tax invoice.

When you subscribe to our advertisement or our marketing news, or participate in any competition, receive discounts or answer surveys.

  • Identifiable information such as name, surname, birth date, identification number.

  • Survey Information.

When you contact the Company, our customer service representatives or the customer service representatives which are contracting party of the Company via both online and offline channels.

  • Identifiable information such as name, surname, email and telephone number.

  • Opinion, information and suggestion.

  • Voice record when you have contacted with the Company, representative of customer service department or representative of customer service department which are the 

7. Rights under the Personal Data Protection Act, B.E. 2562 (2019)

You can exercise the rights granted by laws and specified in this Policy as follows:

7.1 Right to withdraw the given consent to the processing of the personal data.

7.2 Right to request an access and obtain a copy of the personal data.

7.3 Right to request objection to the collection, usage or disclosure of the personal data, which the data subjects can exercise the right at any time.

7.4 Right to request modification of the data to become up-to-date and accurate.

7.5 Right to request deletion, disposal or anonymization of the personal data, when it is no longer necessary or when the data subjects have withdrawn the consent.

7.6 Right to request suspension of personal data usage, in case that the personal data must be deleted or is no longer necessary.

7.7 Right to Lodge a Complaint: If you find that the Company has not complied with PDPA, you have the rights to file complaints to the Personal Data Protection Committee or regulatory agencies appointed by   the Committee or by laws. In this regard, before filing the complaints, the Company asks you to please contact the Company, so it has an opportunity to learn the facts and clarify the issues, as well as address your concerns first.

7.8 However, the Company may refuse the exercise of the above rights by the data subjects, provided that the rejection is in accordance with the Company’s rules that are not in violation of the law. In the event that the Company rejects a request, it will notify the data subject of the reason for the rejection.


8. Cookies Policy

The Company uses cookies on its website. For further information on how the cookies are used by the Company, please review the Cookies Policy of the Company.

9. Objectives of the Personal Data Collecting and Processing

The Company shall process your personal data for several objectives depending on products or services in use and your relationship with the Company, or on the consideration in each context, and as specified in PDPA. The following objectives are mentioned as framework for general usage of personal data by the Company. In this regard, only the objectives related to the products or services in use or in relationship 

shall be applied to your data. Please be informed that, besides the processing mentioned below, the Company may disclose the personal data for the objectives, which the Company describes in the Privacy Notice (for Third Parties) and our affiliates operate in the name of the Company and other members of the Company.

1.    To enter into contracts or comply with contracts between the Company and data subjects, or between the Company and third parties for the sake of the data subjects.

2.    To comply with the law.

3.    For legitimate interest in case that it is necessary for the legitimate interest in the operations of the Company, which the Company shall mainly consider the rights of data subjects such as to prevent fraud, maintain security of the network systems, protect rights, liberty and interests of the data subjects, etc.

4.    To prevent or suppress danger to life, body or health.

5.    For research study or statistics in case of preparation for the historical documents or archives for public interest, or for activities related to research study or statistics with proper protective measures in order to protect rights and liberty of data subjects

6.    For other purposes with your explicit consent

7.    To perform state missions in case that it is necessary to carry out the mission for public interest or compliance with the duties assigned by the state authority to the Company.

10. Revision of the Privacy Policy

The Company may consider to improve, amend, or change this Policy as it deems appropriate, and shall inform you via websites, e.g., along with the effective date stated on each revision. However, the Company recommends you to regularly check for new version of the Policy via specific channels dedicated to activities of the Company before you disclose your personal data to the Company. Utilization of products or services of the Company after the enforcement of the new policy shall be deemed that you have acknowledged it already. In this regard, please stop the use if you do not agree with the details of this Policy, and please contact the Company for further clarification.

11. Contact for Inquiry or Exercise of Rights

Should you have any inquiry, suggestion or concern about the collection, usage and disclosure of personal data by the Company or about this Policy, or wish to exercise your rights under the PDPA, you may request further information at:

Attention:  Personal Data Protection Officer


101 Mo.9 Distric Klong Song Pathumthani 12120 

Tel: 02-264-6264 

E-mail: [email protected]