CCTV Policy

INTRODUCTION

CP Axtra Public Company Limited (the “Company”) uses CCTV cameras to monitor and record individuals on and around certain premises of the Company. We have established and disclose this Privacy Policy for CCTV as our approach to explain how we collect, use or disclose your personal information, and how we protect personal information and properly handle such information according to the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”) as stipulated under this CCTV Privacy Policy, hereinafter referred to as “CCTV Privacy Policy”.

SCOPE OF THE CCTV PRIVACY POLICY

This CCTV Privacy Policy covers to these topics.

  • Methods of collection and collected personal information
  • Purposes of collection, use or disclosure of personal information
  • Disclosure of personal information
  • Retention period of personal information
  • Your rights
  • Security measures of your personal information
  • Changes to the CCTV Privacy Policy
  • Contact us

METHODS OF COLLECTION AND COLLECTED PERSONAL INFORMATION

Method of Collection Collected Personal Information
When you are in or around buildings and premises of the Company and being recorded by security protection system such as CCTV
  • Captured image or footage
  • Body temperature via thermal scan

PURPOSES OF COLLECTION OR USE OF PERSONAL INFORMATION

Any collection or use of your personal information by relevant employees of the Company or other relevant persons or any actions performed on behalf of the Company which is necessary for controlling and monitoring security of the buildings and premises of the Company, including the use of personal information and purposes for any undertakings may rely on (1) Legitimate interest basis and (2) Legal obligation basis by which the purposes of collection or use will be as follows:

  1. To control access to the buildings and premises, and to observe, prevent, deter, and (if necessary) investigate unauthorized access to premises for the purpose of monitoring security and safety of the Company’s buildings and premises;
  2. To control access information technology resources and database of the Company;
  3. To maintain data from CCTV in the Company’s database, including to monitor and examine CCTV system for the above purposes;
  4. To use as an evidence in order to proceed any legal actions including taking necessary step in legal procedure or complying with the court order, or any authorities under the law; and
  5. To protect public health from dangerous contagious disease or epidemics.

In the case where the Company needs to collect, use, disclose or perform any processes with your personal information, apart from the purposes mentioned in this Privacy Policy, the Company will inform such change in www.makro.co.th or publish the notice at the Company’s branches which may require an additional consent from you.

DISCLOSURE OF PERSONAL INFORMATION

The Company does not disclose your personal information collected through the CCTV system as mentioned above to third parties. However, we may disclose your personal information to a third party only as stipulated by law.

RETENTION PERIOD OF PERSONAL INFORMATION

We retain your personal information not exceeding 120 days after your visit to our buildings or premises or until the precluded of lawsuit case prescription. After that period, any CCTV record image and footage are automatically deleted.

YOUR RIGHTS

You are entitled to the following rights under the PDPA:

Data Subject’s Rights Description
1. Right of access You have a right to get access and obtain a copy of your personal information that we hold about you, or you may ask us to disclose the sources of where we obtained your information that you haven’t given consent. The Company will send such copy to you within 30 days upon obtaining your request. In certain cases, the Company may request additional information in order to confirm your identity and your rights as part of our security measures.
2. Right to data portability You have a right to request us to automatically transfer your personal information to other persons, and request to see the personal information that we have transferred to other persons, unless it is impossible due to technical circumstances.
3. Right to object the processing of your information

You have a right to object to collection, use or disclosure of your personal information at any time, for example, if it is under the following circumstances:

  1. It is for the purpose of direct marketing; and/or
  2. It is for the purpose of scientific, historical or statistical research unless it is necessary to performance of a task carried out for reasons of public interest by the data controller.
4. Right to erasure

You have a right to request us to delete, destroy or anonymise your personal information in the following circumstances where:

  1. The personal information is no longer necessary for the purpose of which it was collected, used or disclosed;
  2. You have withdrawn your consent to which the collection, use or disclosure is based on;
  3. You have objected to the collection, use or disclosure of the personal information and the Company has no ground to reject such request; and/or
  4. When the personal information has been unlawfully collected, used or disclosed under the PDPA.
5. Right to restrict the processing of your information

You have a right to request us to restrict the processing of your personal information in the following circumstances when:

  1. It is under the pending examination process of checking whether the personal information is accurate, up-to-date and complete or not;
  2. It is the personal information that should be deleted or destroyed as it does not comply with the law and you request to restrict it instead;
  3. The personal information is no longer necessary to retain for the purpose of which it was collected, used or disclosed, but you still have the necessity to request the retention for the purposes of the establishment, compliance, or exercise of legal claims or the defense of legal claims;
  4. The Company is pending verification in order to reject the objection request of the collection, use or disclosure of personal information.
6. Right to withdraw consent

You may withdraw your consent at any time, unless it is restricted by law, or the contract which gives benefits to you.

However, the withdrawal of consent shall not affect the processing of personal information you have already given consent legally.
7. Right to rectification You have a right to rectify inaccurate personal information in order to make it accurate, up-to-date, complete and not misleading. If the Company rejects your request, the Company will record such rejection with reasons.
8. Right to lodge a complaint You will have the right to make a complaint in the case of where the Company, the data processor including the employees and employers of the Company do not comply with the PDPA or other notifications issued under the PDPA.

Under the PDPA, if you have any questions or would like to exercise any rights relating to your personal information, please submit your request via www.makro.co.th on exercising your rights under the PDPA topic or contact the public relation officer at the branch or via call center tel. 1432 every day between 06:00-24:00 hours.

SECURITY MEASURES OF YOUR PERSONAL INFORMATION

The image and footage caught by the Company can be accessed by branch management department, head office management department, security and loss prevention authority, and contracted security company for CCTV system operations. In this regard, the Company shall limit the access to CCTV system in high-level which shall be protected by using password and recording a logging in and any operation of persons having accessed to CCTV systems and personal information cannot be accessed without the authorization of the branch manager, security and loss prevention authority or head office management department.

The Company certified that all the personal information collected will be stored safely and strictly with adequate security standards. If you have a reason to believe that your personal information has been breached or if you have any questions regarding this CCTV Privacy Policy, please contact the DPO of the Company.

CHANGES TO THE CCTV PRIVACY POLICY

The Company reserves the right to change, amend or update the CCTV Privacy Policy at any time as it deems appropriate by notifying you of the said changes. The Company will notify the changes, amendments or updates on the Company’s website which you can check at any time.

CONTACT US

If you have any comments, suggestions, questions or want to make a complaint regarding your personal information, please contact us at:

CP Axtra Public Company Limited

Address: 1468 Phatthanakan Road, Phatthanakan, Suan Luang, Bangkok 10250

Tel: 02-779-9955 every Monday to Friday at 08.00-18.00 hours

Data Protection Officer

Address: 1468 Phatthanakan Road, Phatthanakan, Suan Luang, Bangkok 10250

E-mail: DPO@siammakro.co.th