Privacy Policy

24 July 2020

Corporate Vision of Isuzu Motors Co., (Thailand) Ltd, a corporation organized and existing under the laws of Thailand (“Isuzu”, “we”, “us”, “our”), is “A leader in transportation, commercial vehicles and diesel engines, supporting our customers and respecting the environment.” Under this Vision, our mission shall be “A global team delivering inspired products and services committed to exceeding expectations.”

In addition to this Mission, we must recognise the importance of and social nature related to the protection of personal data. All directors and employees shall comply with the laws and other standards and regulations related to personal data. This Privacy Policy is meant to help you understand our privacy practices, including what personal data we collect, what personal data we use, how we disclose or transfer your personal data, and how we protect personal data, as well as your individual rights.

What personal data we collect

When you engage in any business or transaction with Isuzu or participate in, access or sign up for any of Isuzu’s activities, we may collect the following types of your personal data:

  1. Details about you (e.g. name and surname, gender, nationality, date of birth, identification card number, passport number, driving license number, photo)
  2. Contact details (e.g. address, telephone number, e-mail address, post code, company name, department, job title);
  3. Information relating to security (e.g. CCTV recordings and record of visitors)
  4. Financial details (e.g., bank account data and billing data);
  5. Online activities data relevant to this website (e.g. cookie, IP addresses and device information);
  6. Purchase and customer service history (e.g., date of purchase, vehicle details, vehicle status);
  7. Vehicle data which relates to personal data (e.g. vehicle identification number (VIN), device and service usage, vehicle configuration details, vehicle technical data, vehicle location data) and;
  8. Other information that you give us.

Please note that sometimes you may decide to provide us with sensitive personal data (e.g. information about your racial or ethnic origin, religious or philosophical beliefs, criminal records, health data or disability condition, biometric data). If you do this, we will provide further information about how we will use your collected personal data and may seek your explicit consent at the time if the sensitive personal data collection or process does not fall under any exemptions under Section 26 of the PDPA.

When we will inform you of personal data collection

Before we collect or process your personal data, we will always notify you about our purposes of processing. Only in some circumstances, it is not necessary for us to inform you of our purposes of processing, such as when:

  • you are aware of such new purposes or details of our processing;
  • we believe that notice of such new purposes or the details of our processing is impossible or will obstruct the use or disclosure of your personal data, where we have taken suitable measures to protect your rights, freedoms and interests;
  • it is urgent to use or disclose your collected personal data as required by law and we have implemented suitable measures to protect your interests; or
  • we are aware of or acquire your personal data from our duty, occupation or profession, and we have maintained such new purposes or certain details with confidentiality as required by law.

Sources of your personal data

We will collect your personal data directly from you in different ways which include in writing, by electronic means or in a hard copy form, by telephone, email, in person, and over the internet such as via our website. But sometimes we may collect them from publicly available sources and/or from other parties, in which case we will ensure that we fully comply with the PDPA.

How we use your personal data

We process your personal data for the purposes linked with each legal basis defined by the Personal Data Protection Act B.E. 2562 (the “PDPA”) and the provision of European Union’s General Data Protection Regulation (the “GDPR”) which may include, but are not limited to the following activities:

  1. Where you have given us your consent*:
  • To collect and use your sensitive personal data as necessary (e.g. to use your identification card which contains your sensitive personal data, namely religion and/or blood type);
  • To conduct marketing and/or public relations activities.

* Where we process your personal data based on your consent, you have the right to withdraw your consent at any time; provided, however, such withdrawal shall not affect the lawfulness of processing based on your consent before you withdraw your consent.

  1. Where it is necessary to fulfil obligations under a contract or take steps linked to a contract:
  • To fulfil the terms and agreements of order or service contract;
  • To contact you for business purposes.
  • To provide you with customer support, respond to your enquiries, fulfil your requests and provide you with customer services (e.g., maintenance order, repair your vehicle).
  • To arrange meetings, training or other activities.
  1. Where it is necessary to conduct our business and pursue our legitimate interests, provided that your interests and fundamental rights do not override those interests:
  • To collect business cards for communication purposes;
  • To follow up with customers’ enquiries/requests;
  • To improve our websites, applications, communications, and to improve and develop services for our customers; and
  • To use CCTV record, record of visitors and relevant information to ensure security including, detecting and preventing fraud.
  1. Where it is necessary to fulfil our legal obligations or regulatory requirements, which include but are not limited to:
  • Compliance with the PDPA and other laws to which we are subject both in Thailand and in other countries); and/or
  • Compliance with regulatory obligations and/or orders of authorized persons (e.g. orders by any court of competent jurisdiction or of governmental, supervisory or regulatory authorities or authorized officers).
  1. Where it is necessary to prevent or avoid danger to your life, body or health.

How we disclose your personal data

For the purposes described in this Privacy Policy, we may share, disclose or transfer your personal data on a need to know basis to the following recipients:

  1. Isuzu group companies
    1.1Please refer to a full list of Isuzu group companies in Thailand from the link below:
    https://isuzu-motors.co.th/en/about/
    1.2 Isuzu group companies overseas
  2. Third party service providers

Please refer to the categories of third-party service providers below:

  • IT hosting vendor;
  • Cloud service vendor; and
  • Any agents, contractors or service providers who provide administrative, document warehouse or other services in relation to the operation of businesses of Isuzu.

When we disclose your collected personal data to third parties who perform services on our behalf, we ensure that such service providers use personal information only in accordance with our instructions, and we do not authorise them to use or disclose your collected personal data except as necessary to perform services on our behalf or to comply with applicable legal obligations.

  1. Other disclosures

We may also disclose your personal data with relevant recipients for the following purposes:

  • to comply with applicable laws to respond to requests from public and government authorities;
  • to cooperate with law enforcement authorities or for other legal reasons; and
  • to protect your rights and privacy, for the safety of our property, and/or that of our affiliates or subsidiaries, us or others.

Transfer of your personal data overseas

We may transfer your personal data through different channels and store such data in other countries, which may have different data protection laws and regulations. Your personal data may also be processed by staff working for Isuzu group companies, distributors/dealers or third-party service providers, operating outside Thailand. In the case where the personal data is transferred to overseas countries, we will ensure such countries have adequate levels of data protection required under PDPA.

For the data transfers to countries where the level of data protection is not considered adequate by the Personal Data Protection Committee (“PDPC”) , we will take appropriate safeguard measures including: applying standard contractual clauses adopted by the PDPC, obtaining consent from the data subject, or performing data transfer as agreed under contracts made between us.

Retention of your personal data

We will retain your personal data for as long as required to meet business needs for which it was collected, or to meet any legal or contractual obligations. Our retention periods are determined considering: the purpose for which we process your personal data, the nature, sensitivity and amount of the data, the potential risk of unauthorized use or disclosure of the data, the applicable laws or regulations.

The retention period we keep your personal data will mainly be linked to the prescription period or the period under relevant laws and regulations (e.g. Financing Laws, Accounting Laws, Tax Laws, Labour Laws and others to which we are subject both in Thailand and in other countries) which in many cases is up to 10 years after the end of our relationship with you. In addition, we may need to retain records of CCTV surveillance in our office or branches for security purposes for 30-45 days.

We will delete, destroy, permanently anonymise or otherwise dispose of all collected personal data at the end of the retention period, or when we must comply with your request for erasure of your collected personal data.

Your rights as the data subject

  • Right of access and obtain copy;

You have the right to access your own personal data which we process and related information including: our purposes of the processing, categories of personal data, recipients, or the criteria used to determine retention periods, and the source of the data, if not directly obtained from you. You may also request a copy of your personal data in an electronic form, or provision of information orally as long as your identity is proven by rational means.

  • Right to rectification;

You have the right to rectify any inaccurate personal data concerning you or provide supplementary information to complete the incomplete personal data that we process.

  • Right to erasure;

When your personal data is no longer necessary in relation to the purposes for which it was collected, or you withdraw the consent on which processing is based and where there is no other legal basis, or in certain cases, you have the right for your personal data to be erased.

  • Right to restriction;

You have the right to request us to restrict the use of your personal data under certain circumstances, e.g. when we are in the process of examination in accordance with your request to rectify your personal data or to object the collection, use or disclosure of your personal data, or you request to restrict the use of personal data instead of the deletion or destruction of personal data which is no longer necessary.

  • Right to data portability

Where we process your personal data based on your consent or the contract with you, you may ask us for a copy of that information in a structured, commonly used and machine-readable form. You may also ask us to transmit your personal data directly to another data controller if technically possible.

  • Right to object; and

Where we process your personal data based on our legitimate interests, you have the right to object to our processing of data including profiling or direct marketing that is conducted using those data. (We will include an unsubscribe button in any marketing emails so that you can easily raise an unsubscribe request if you wish and we will promptly action that request.)

  • Right to withdraw consent

You have the right to withdraw your consent that has been given to us at any time pursuant to the methods and means prescribed by us, unless the nature of consent does not allow such withdrawal.

If you wish to exercise any of your data privacy rights, please address it to our Legal Department (LED) described in “Contact Us” section.

Complain to supervisory authorities

If you remain unsatisfied with our response to your request, you have the right to lodge a complaint with the PDPC or their office.

How we ensure collected personal data about you remains private and secure

Isuzu uses a range of measures to keep your collected personal data safe and secure, which may include encryption and other forms of security. We require our employees and third parties who carry out work on our behalf to comply with the PDPA and the appropriate privacy standards including obligations to protect any leakage of information and to apply appropriate security measures for the processing of information.

We maintain and update our security procedures and measures taking into account the appropriate physical, technical and organisational security procedures and measures to ensure a level of security of your collected personal data appropriate to the respective risk and the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing, including to prevent loss and unauthorised collection, access, use, modification, correction, disclosure or otherwise processing of your collected personal data. Our security measures apply to all types of data processing regardless of whether the collected personal data is processed electronically or in paper form.

If you have a reason to believe that your collected personal data has been breached, please contact us at the provided details in the “Contact us” section.

About cookies

If you visit our website, we may use cookies, subject to your consent where required, web beacons and other similar technologies to save some information with the goal of personalizing our advertising and to provide you a better, faster and safer customer experience. If you don’t want to use cookies, then you can refuse them. (For more details about our use of cookies, please read our Cookie Policy.)
Cookie Policy.

Changes to this Privacy Policy

We reserve the right to change, amend or update the privacy policy at any time as we deem appropriate. We will notify you of the said change, amendment or update on our website in which you can check at any time.

Contact us

We provide support in case you have any data privacy related questions or concerns or wish to exercise any of your data privacy related rights. For such cases, please contact following department:

Legal Department (LED)
Isuzu Motors Co., (Thailand) Ltd.
38 Kor., Moo 9, Poochaosamingprai Rd., Samrongtai, Phrapradaeng, Samutprakarn 10130
Email: LED_ADMIN@notes.isuzu.co.th