Eat Well Co., Ltd. – Privacy Notice for Customers
Eat Well Co., Ltd.

recognizes the importance of protecting the privacy rights of its customers, employees, and other individuals associated with the company. To ensure that these individuals’ rights are fully protected under personal data protection laws, the company has established a Personal Data Protection Policy. This policy provides clear and appropriate guidelines, mechanisms, supervision, and management of personal data.

1. Scope of Application

This Personal Data Protection Policy applies to employees and individuals involved in the processing of personal data on behalf of or under the direction of the company.

2. Definitions

2.1 Processing refers to any operation performed on personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

2.2 The Company refers to Eat Well Co., Ltd.

2.3 Group Company refers to any company in which Rajburi Sugar Co., Ltd. holds direct and/or indirect shares.

2.4 Personal Data refers to information relating to an identified or identifiable natural person, either directly or indirectly. Examples include a person’s name, surname, email address, phone number, IP address, photo, race, religion, political opinions, genetic data, and biometric data.

2.5 Data Subject refers to a natural person who is the owner of personal data that can identify them, either directly or indirectly.

2.6 Data Controller refers to a natural or legal person who determines the purposes and means of the processing of personal data.

2.7 Data Processor refers to a natural or legal person who processes personal data on behalf of the Data Controller.

2.8 Cookies are specific pieces of data stored on a user’s computer. When a user visits a website, cookies are stored and track the user’s activity on their computer or mobile device. This allows the company to improve the user’s website experience and make browsing more convenient.

3. Roles, Duties, and Responsibilities

3.1 The Board of Directors has the following roles, duties, and responsibilities

(1) To oversee personal data and internal controls to ensure compliance with the company’s data protection laws and policies.

(2) To supervise and support the company’s effective and lawful protection of personal data.

(3) To appoint a Data Protection Officer.

3.2 Management has the role, duty, and responsibility to monitor and control the relevant departments to ensure compliance with the Personal Data Protection Policy and to promote awareness among employees.

3.3 The Data Protection Officer has roles, duties, and responsibilities as stipulated by law, including the following

(1) To regularly report on the status of personal data protection to the company and to provide recommendations for continuous improvement in compliance with the law.

(2) To advise employees on complying with data protection laws and policies.

3.4 Employees have the following roles, duties, and responsibilities

(1) To comply with the company’s Personal Data Protection Policy according to its standards, guidelines, procedures, and other related regulations.

(2) To report any abnormal events related to personal data protection or non-compliance with the company’s laws and policies to their supervisor.

4. Personal Data Processing Objectives

4.1 The company will process personal data lawfully, giving consideration to its accuracy. The company will maintain the confidentiality, integrity, and security of this personal data.

4.2 The company will create and maintain Records of Processing (RoP) to document various items and activities related to personal data processing in compliance with the law. The RoP will be updated whenever there are changes to these items or activities.

4.3 The company will provide clear procedures for the collection of personal data and details of its processing (Privacy Notices) and will obtain consent from Data Subjects in accordance with the law. The company will also implement measures for supervision and inspection.

4.4 The company will provide a mechanism to check and correct personal data to ensure accuracy.

4.5 In cases where personal data is sent, transferred, or used by others, the company will create an agreement with the recipient or user of that data to define their rights and duties in accordance with the law and the company’s personal data protection policy.

4.6 The company will store personal data for an appropriately necessary period, in compliance with the law and the company’s business practices.

5. Data Subject Rights

The company will provide measures, channels, and methods for Data Subjects to exercise their rights as defined by law. The company will also document and evaluate responses to Data Subject requests.

6. Personal Data Security Measures

6.1 The company will provide sufficient personal data security measures, including preventing data leakage and unauthorized use.

6.2 The company will implement a Privacy Incident Management Policy and an Incident Response

Program to promptly identify and manage any incidents related to personal data.

6.3 The company will have a process for notifying Data Subjects of any incidents in accordance with the law.

7. Contacting the Company

Data Protection Officer
Email : IT@RAJBURISUGAR.COM
Eat Well Co., Ltd.
Phone : 02-237-9999, 086-369-5555

8. Penalties for Non-Compliance

Failure to comply with the company’s Personal Data Protection Policy may result in disciplinary action and/or penalties as stipulated by law.