PRIVACY POLICY FOR A THIRD PARTY VENDOR

This Privacy Policy explains how Accord Corporation Ltd. (“Accord”, “we”, “us” or “our”), collects, uses, and discloses (“process” or “processing”) your Personal Data in the course of our business, in accordance with the Personal Data Protection Act (A.D.2019) (“PDPA”).

We advise you to read this Privacy Policy in its entirety.

  1. When does this Privacy Policy apply to you?

    This Privacy Policy applies to you if you are the Accord’s outsource service provider, speaker, supplier, vendor, business partner, contractor or subcontractor (collectively called a “Vendor”), either being an individual Vendor (“Individual Vendor”), or an individual who is associated with the corporate Vendor (“Corporate Vendor”), including its authorized persons, authorized directors, authorized representative, authorized agent, and/or contact person of those (collectively called “Associated Person”). The Individual Vendor and Associated Person of the Corporate Vendor shall collectively be referred herein this Privacy Policy as the “Third Party Vendor”.

  2. What type of Personal Data does Accord collect?

    2.1Accord processes various Personal Data about you as follows:

    (a)Personal Data relating to your full name identification number, passport number, tax identification card number, company, title and job description, qualifications, and contact details, such as your email address, telephone number, business address, and bank account details, and any other Personal Data relating to your business.

    (b) In case of Corporate Vendor, Accord may collect corporate documents or any government issued documents, which contain Personal Data of its relevant personnel such as the company affidavit and the list of shareholders.

    (c) Accord collects Personal Data which it may receive from any emails, telephone calls, posts and any other communication channels.

    2.2Accord does not aim or have any intention to collect Personal Data that is not necessary for, or not relevant to, our business operations, or our purposes relating to the processing of Personal Data, and especially Sensitive Personal Data. In the event that you or the Contract Party provide us with unnecessary or irrelevant Personal Data or Sensitive Personal Data, such as a copy of your identification card which contains religion and/or blood type related data, which is regarded as Sensitive Personal Data, Accord will proceed with the necessary actions in order to not collect such unnecessary/irrelevant Personal Data/Sensitive Personal Data.

    2.3In respect of the copy of the identification card, Accord encourages you to blind, or cross out, the Sensitive Personal Data on your identification card (i.e. religion and/or blood type related data), before delivering such documents to us. If the copy of your identification card, which has been delivered to Accord, still contains such Sensitive Personal Data, Accord will blind or cross it out from the documents ourselves. The blinding of your Sensitive Personal Data on the copy of the identification card will be conducted merely for the purpose of not collecting unnecessary/irrelevant Sensitive Personal Data, and without any criminal intent.

  3. Why does Accord Collect and Process Your Personal Data?

    Accord collects your Personal Data for different purposes, relying on various lawful bases, as set out below:

    (a) Contractual Necessity: To enter into a contract with you or the Third Party Vendor, including performing the rights and duties under such contract, or to proceed with any other request or obligations prior to entering into such contractual relationship. This would include the processing of your Personal Data for payment, tax, and financial matters relating to our contract or engagement. In this regard, if you choose not to provide certain Personal Data, Accord may be unable to enter into a contract with you, or to purchase or acquire products or services you provide, either in part or in whole.

    (b) Legitimate Interest:

    (a) To source Third Party Vendor for products and services.

    (b) To manage, administer and develop our business relationship.

    (c) To generate profile and record statistics regarding the sales of products in order to plan our business and marketing strategies, and to control and monitor our inventories.

    (d) To conduct risk assessment and manage risk associated with the Third Party Vendor.

    (e) To detect, prevent, investigate, and prosecute fraud and/or the criminal activity.

    (f) To manage our information technology, and to ensure the security of our systems.

    (g) To protect Accord's rights, property, or safety.

    (c) Legal Claims: To establish, comply, exercise, or defend legal claims.

    (d) Legal Obligation: To comply with our legal obligations, including regulations relating to tax and registration of the medical devices. Furthermore, this shall include to disclose information to a governmental agencies or authorities, such as the Revenue Department, the Customs, Ministry of Commerce, and the Food and Drug Administration, when it is required by applicable laws or regulations.

  4. Where does Accord collect your Personal Data?

    (a) Directly from you: Accord normally collects your Personal Data directly from you (the “Data Subject”), when you contact, communicate, and correspond with us either via email or through direct interaction. For example, when you contact us for information about the services and/or products, and/or to purchase or acquire such services and/or products.

    (b) Public sources: We may collect your Personal Data which is available on public sources, such as websites, search engines and social media platforms.

    (c) Employer or others: In the case of Corporate Vendor, Accord generally collects the Personal Data of its Associated Person through such Corporate Vendor.

  5. To whom does Accord Disclose Your Personal Data?

    Accord may disclose your Personal Data to others, as follows:

    (a) Accord discloses Personal Data of the Third Party Vendor to its affiliates or regional office outside Thailand.

    (b) Accord discloses Personal Data of the Third Party to suppliers, vendors, outsource companies, or other persons/entities in connection to the services provided to us, and for any other purposes as prescribed herein this Privacy Policy.

    (c) Accord may disclose Personal Data of Third Party Vendor according to the order or request of the government and law enforcement authorities, or in order to establish, exercise, or defend, or to protect legal claims, including those in relation to our contracts with our suppliers, and in order to protect the rights, interests, property, personnel, business operations and/or safety of Accord.

    (d) Accord may disclose Personal Data of Third Party Vendor when required to do so under applicable law or in response to the order or the competent authorities, government agencies, and/or courts, both in Thailand and overseas, including, without limitation to, the Revenue Department, the Customs and the Food and Drug Administration.

    (e) Accord may disclose Personal Data of Third Party Vendor to any other third parties in connection with a change of ownership of Accord, or any of its assets or properties.

  6. Where does Accord transfer your Personal Data?

    We may transfer your Personal Data to our affiliates and regional office, and in certain circumstances, to third parties, which are located outside Thailand, and which may have different data protection standards to those prescribed by the data protection authority in Thailand. Notwithstanding that, we ensure that we will protect your Personal Data by implementing adequate personal data protection standards for the transfer of your Personal Data outside Thailand pursuant to the requirements under applicable laws and regulations.

  7. For how long does Accord retain your Personal Data?

    We retain Personal Data of the Third Party Vendor for as long as is required in order to fulfil our contractual obligations, and for a period of 10 years after the cessation of our contractual relationship, or the last communication between us, unless otherwise agreed with you in writing, or required or permitted by applicable law.

    Where we process your Personal Data in connection with a legal obligation, your Personal Data will be retained for the duration of the prescribed legal retention period, as stipulated under the applicable law.

  8. What are your rights in relation to your Personal Data?

    You are entitled to the following rights:

    (a) Request to have access to and obtain a copy of your Personal Data, and to request the disclosure of the source of the Personal Data, in the event that your Personal Data was collected without your consent;

    (b) Receive your Personal Data in a commonly used and machine-readable format, and to have your Personal Data in said format transmitted to another Data Controller;

    (c) Request that your Personal Data be deleted, destroyed, or de-identified;

    (d) Object to the collection, use, and disclosure of your Personal Data, and especially where such collection, use, or disclosure is for direct marketing purposes;

    (e) Request that the processing of your Personal Data be suspended;

    (f) Request that your Personal Data be corrected, updated, or completed;

    (g) Withdraw your consent at any time, provided that there is no other legal ground for Accord to continue with the processing of your Personal Data (if applicable); and

    (h) Lodge complaints to the competent authority.

    Your request may be refused, and the exercise of your rights is subject to the limitations prescribed by law.

  9. Changes to This Privacy Policy

    Changes in this Privacy Policy will be notified to you via email or post we will give you the opportunity to express your consent for processing your Personal Data for different and new purposes, or we will in any case inform you about the legal basis of such processing other than consent. The time stamp you see on the policy will indicate the last date it was revised.

  10. How can you contact us?

    At Accord, we are committed to apply this privacy policy and the accountability principle. For this reason, if you have any privacy concern or questions about how your Personal Data is collected and processed, and how to exercise the rights to your Personal Data, please feel free to contact us.

    33 2-8 Soi Rong Mueang 4,
    Rong Mueang Sub-district, Pathumwan District,
    Bangkok, Thailand
    Email Address: dpo@accordhenryschein.com
    Contact No.: 02-119-4900 ext. 3104

    Or you may contact our Data Protection Officer at: (if required):
    Ms. Kulkalaya Rukawat
    Contact No.: 02-119-4900 ext. 3104

    We will promptly respond and make everything possible to address your concern.