Terms of use

Personal Data

In the course of our business, we may obtain and process your Personal Data as our clients, partners, suppliers, or when you are in contact with us, e.g. when you participate in the Company’s events, job application process, etc. Some data we obtain are Personal Data about you.

The Personal Data that we process are the following:

• Personally identifiable data such as name, surname, date of birth, identification card number;
• Contact data such as address, email and phone number;
• Transaction data such as payment details, bank account, product details and other services that you bought or leased from the Company including the data of accessing our website and other services;
• Technical data such as username, password, interests, setting preferences, IP address, login data, browser type, browser version, time and date setting, connection setting, operation and platform system and other technology that you have used your devices to sign in into our system;
• Marketing and communication data such as marketing services’ satisfactions and communication channels;
• Attendance Records, such as records of meetings and other events organized by the Company or on behalf of the Company;
• Consent Records (i.e. records of any consents to us, together with the date and time, means of consent and other data);
• For job applicants, curriculum vitae, data about you such as relatives, names and phones of reference persons.
• Views and Opinions that you choose to send to us or publicly post about the Company.

Marketing Information

The Company will send data about our products or services to you from time to time if you have a subscription to receive the data via our newsletters, email, or other communication channels. However, you can change the way you receive the data, or cancel such services at any time by using the same method as to when you subscribed to receive such data from the Company or you may contact the Company for this purpose.

Sensitive Personal Data

In our ordinary course of business, we may obtain certain Sensitive Personal Data about you. For example, the national identification cards that we collect in the ordinary course of business contain a Sensitive Personal Data (e.g. religion). When it is necessary to process a Sensitive Personal Data about you, we will do so on for the following purposes by relying on the following legal bases:

(a) We may process the Sensitive Personal Data where the Processing is necessary for the establishment of legal rights (e.g. litigation), compliance with the law or defending a right (e.g. to prepare our defence in court proceedings or any process carried out by public authorities); and
(b) We may process the Sensitive Personal Data about you to prevent or suppress a danger to you or other persons’ lives, body or health when the you are incapable of giving consent;
(c) We may process the Sensitive Personal Data for other purposes only if you give us your explicit consents for such Processing or when the Sensitive Personal Data about you is made publicly available (e.g. in social medias)
(d) We may have to process Sensitive Personal Data when the Processing is necessary for complying with the law or for other purposes as specified by the law; and
(e) Any other legal bases as permitted by the law.

The Company is the owner of the following websites:

• https://www.wha-group.com/index.html
• https://www.wha-logistics.com/en/home
• Other website that we may own in the future or other applications and online services of the Company.

In addition to the above, you may be in contact with the Company through several other channels which you may give us your Personal Data, such as the following:

You register your Personal Data when you open your new customer account and business partner account in order to receive services from the Company;

You contact the Company, our representatives or our business partners through online or offline channels;

You subscribe to our advertisement or our marketing news, or participate in any marketing campaign; and/or

You have participated in different events of the Company such as taking photos during the seminar or where you participated in other PR events

We may collect or obtain your Personal Data that you made public, including via social media (e.g. social media profile(s) that you make a public post);

You visit any of our offices, sites or websites;

We may receive Personal Data about you from third party if you choose to interact with any thirdparty content or advertising on a website or in an application (e.g. application for job seekers);

We may obtain your Personal Data from third parties who provide it to us (e.g. credit agencies; courts or public authorities)

We may create Personal Data about you, such as records of your communication with us, including attendance at events or interviews. We may record telephone calls, meetings and other discussion with us in accordance with the law.

The Company may process your Personal Data for the following purposes:

From the above, we may process a Personal Data about you without a need to obtain your explicit consent when It is necessary: for performance of contracts you entered into with us; for us to proceed in accordance with your request prior to contracting; for us to carry out for the Company’s legitimate interest which is not overridden by your fundamental rights; or to comply with the law or other public interest purposes. The Personal Data we process for these purposes include those relating to identification (e.g. name, citizen ID no., nationality, date of birth, religion, blood groups, address, gender, height, and photograph in the copy of national ID card, address, and gender in the copy of house registration, bank account, copy of passbook). If we do not obtain the above Personal Data, we may not be able to identify you and, as a result, we may not be able to proceed on the matter prior to contracting, or we may not be able to enter into contracts with you. Our performance of the contract entered into with you may also be disrupted.

We share or transfer Personal Data when:

• We obtain an explicit consent from you;
• It is necessary for prevention or suppression of a danger to life, body or health of a person;
• It is necessary for the performance of contracts you entered into or for us to proceed in accordance with your request prior to contracting;
• It is necessary for the Company’s legitimate interest which is not overridden by your fundamental rights; or to comply with the law or other public interest purposes.
• Other purposes as imposed on us by pubic authorities or as required, or permitted, by the law.

The Company will ensure that the organisations that we may share Personal Data about you have an adequate data protection standard.

In light of the above, the Company may, in the ordinary course of our business, disclose or share the Personal Data we collect with the following persons for the following purposes:

1. Companies in our group. You may visit our website, https://www.wha-group.com/index.html, to see our companies in the group. We share such data for the purpose of: communicating products and services of our group; Processing your request to use our products and services or participating to our events; transferring any data in the case of business transfer; investigating of misconduct or fraud and for security measure; disclosing any data relating to legal procedure or court order or any authorities under the law; protecting legal rights of our group and relevant persons; as well as other legitimate purposes.
2. Professional service providers, such as lawyers, accountants or auditors who are subject to binding contractual obligation of confidentiality toward the Company;
3. Third party processors, such as providing of clouds, data hosting services and IT system services;
4. Any relevant party, courts, public authorities, state enterprises (e.g. electricity/waterworks authorities) and law enforcement agencies;
5. any relevant third-party acquirers, partners in the event that we sell or transfer all or any portion of our business or assets (including in the event of a reorganization, dissolution or liquidation);
6. any relevant third party who are products/service providers, where our websites or applications use third party advertising plugins or content. Please note although we will ensure that the third party has sufficient privacy protection standard, if you choose to interact with any such advertising, plugins or content, your Personal Data would be processed by the third party. Hence, we recommend you review the third party’s Privacy Notice thoroughly before interacting or proceeding with such third parties.

If any transfer of the Personal Data require a consent, the Company will proceed with obtaining such consent prior to such transfer.

Because of our nature of business and for the purposes as specified in items 5-6, we may send, transfer, share or transmit Personal Data about you to persons in other countries when such transfer, sharing or transmitting has a valid legal base as specified in item 6 and provided further that: the recipient of the Personal Data has sufficient safeguard for data in accordance with the notification of the Commission. We may share or transfer the Personal Data even if there is no sufficient safeguard in the foreign country only when:

• the transfer or sharing is necessary to comply with the law;
• we obtain an explicit consent from you to the transfer/sharing by you being fully informed of the details of such inadequacy of safeguard of that other country;
• it is necessary for the purpose of contracting or proceeding with a matter upon your request prior to contracting;
• it is necessary for the performance of a contract between the Company and another individual or juristic person for your benefit;
• it is necessary for prevention or suppression of a danger to life, body or health or other substantial public interest;
• It is necessary for carrying out activities relating to one or more significant public interest as permitted by law;
• When the transfer or sharing is required, or permitted, by the law

We may also transfer or share the Personal Data to our subsidiary or affiliate abroad in accordance with the law for the above purposes as specified in this Privacy Policy (See items 5-6).

The criterion we use for determining the data retention period are as follows: we will retain Personal Data as long as it is necessary to serve or interact with you in accordance with the law and for as long as it is considered to be reasonable according to the purposes for which the Personal Data is collected. In particular, we may retain your Personal Data for the duration of any period necessary to establish, exercise or defend any legal rights.

If you would like to delete your Personal Data, you can make a request to us through different channels such as through the Company’s Website or filling in the form available at our office or by contacting our Call Center at [other channel(s) to be determined by CEO at a later stage] [Monday to Friday from [09.00-17.00 hours] We will consider it on a case-by-case basis.

You are entitled to the following rights under the PDPA:

To exercise any of your Data Subject Rights, please contact our Data Protection Officer (DPO) via [email protected] menu or fill in the form available at our office or by contacting our Call Center Monday to Friday from 09.00-17.00 hours or through other channels. In case of a request for copy of your Personal Data, unless the Company has grounds to refuse your request, the Company will send such copy to you within 30 days upon obtaining your request. In certain cases, the Company may request additional data in order to confirm your identity and your rights as part of our security measures. If you have any questions or would like to exercise any rights relating to your Personal Data, please contact the DPO of the Company according to the provided details.

For those who are our existing customers before the PDPA comes into force, we will continue Processing your Personal Data provided that our data Processing will strictly follow the objectives and purposes for which you allowed us to collect your data. You may request us to stop Processing Personal Data about you through [email protected]. We will review your request on a case-by-case by basis. The Company would like to inform you that your consent withdrawal may affect the services that will be provided by the Company such as getting you in touch with our new products or services. This is because, for instance, the data, if remaining after consent withdrawal, may be insufficient for us to render complete services that you need or we may need time to request additional data from you.

In the event that the Personal Data you have provided has changed, we encourage you to notify the Company of such update or edit the provided Personal Data so that your Personal Data is accurate and up-to-date. If your Personal Data is incorrect, it may affect the services of the Company and the Company will not be responsible for any loss or damage that may arise with you or the third party as a result of your failure to correct or update your Personal Data to be accurate in any way.

When there is a request to exercise the rights, we will acknowledge receipt of the request and confirm that we’re looking into the request and will respond within the statutory timeframe. We will assess the legal requirements, legal basis of Processing, consequence that the request may result on you and we will respond to you in due course. Each request would be considered in relation to the facts and circumstances and the legal requirements at the time. We will keep track and record the request for accountability purposes.

The company certifies that all the Personal Data collected will be stored safely and strictly with adequate security standards. If you have a reason to believe that your Personal Data has been breached or if you have any questions regarding this Privacy Notice, please contact the DPO of the Company.

The company will take appropriate steps to ensure that all Personal Data collected and processed is kept secure and protected against unauthorized or unlawful Processing, use, modification or disclosure, accidental loss or destruction of, or damage by establishing the policies and procedures, and implementing the technologies and software such as user authentication control, external and internal network perimeter controls and malicious program/ software control.

Subject to obtaining your consent, we may place Cookies on your web browser, your device or read Cookies already on your device when you visit our websites or check for messages.

We may use Cookies to:

• distinguish between users;
• tailor our websites and services to the needs and preferences of visitors;
• improve the use and the functionality of our websites; and
• analyse how our website is used and compile anonymous and aggregate statistics

You may choose to disable some of the above cookies while visiting our websites. However, disabling any of such cookies may impact your experience on our websites.

If you use different devices to access our websites, we recommend you ensure that each browser of each device is set to your cookie preference.

For more details on cookie management, please refer to our ‘Cookies policy’.

The Company’s websites may be redirected to other websites for the purpose of facilitating you when you visit other websites. These websites may collect your Personal Data. The Company is not responsible for the Processing of your Personal Data by other websites or such parties. For this reason, the Company recommends that you carefully review the Privacy Notice of these websites before you use the service on those websites.

The Company reserves the right to change, amend or update the Privacy Notice at any time as it deems appropriate by notifying you of the said change. The Company will notify the changes on the website or via [other channel(s) to be determined by CEO at a later stage] in which you can check at any time.

If you have any comments, suggestions, questions or want to make a complaint regarding your Personal Data, please contact the DPO of the Company via [email protected] at WHA Corporation Public Company Limited.