Can Innovation

CAN Innovation Company Limited
(Privacy Policy)

  • Objectives

    CAN Innovation Co., Ltd. (CAN) has established this policy to ensure that our employees, partners and web site users are aware of and understand our privacy protection policy pertaining to the collection, use, disclosure and retention of the personal data with full compliance to the required laws and regulations.

  • Scope

    This document shall be applicable to our employees, partners and anyone who is using the website.

  • Definition

    “The Company” means CAN Innovation Company Limited (CAN) and its affiliates.

    “Personal data” means information about an individual that enables an individual to be identified either directly or indirectly such as:
    (1) Name – Surname or Nickname
    (2) Identification card number, passport number, social security card number, driver’s license number, tax identification number, bank account number, credit card number
    (3) Contact Information such as home address, e-mail, telephone number
    (4) Device or tool information such as IP address, MAC address and Cookie ID, etc.
    (5) Biometric data such as facial images, fingerprints, X-ray film data, iris scans, audio identity data and genetic information, etc.
    (6) Information identifying person’s assets, such as vehicle registration and title deed, etc.
    (7) Information that can be linked to the above information such as date of birth and place of birth, race, nationality, weight, height, location, medical information, educational information financial information and employment information, etc.
    (8) Information about employee’s performance appraisal
    (9) Various records that are used to monitor the activities of individuals such as log files, etc.
    (10) Information that can be used to search for other personal information on the Internet.

    “Personal Data Controller” means a person or legal entity who has the authority to make decisions about the collection, use or disclosure of personal data.

    “Personal Data Processor” means the person or legal entity performing the processing in connection with the collection, use or disclose personal data by order or on behalf of the Personal Data Controller.

    “Person” means any individual who has personal data.

    “Data Protection Officer (DPO)” means a person assigned to oversee, monitor the operations, and coordinate with the Personal Data Protection Committee or other related agencies.

  • Policies and Guidelines
  • Collection, use or disclosure of Personal Data
  • The Company shall collect, use, store and disclose Personal Data within the purpose, scope and lawful and fair methods as defined in the scope of Company’s objectives in the accurate and timely manner.

  • Purpose of Data Processing Personal Data
  • Personal Data are collecting, using or disclosing by the Company for the following purposes: accessing Company’s website, application and related services to the Company’s operations such as ordering products or services, requesting for information and providing feedback or complaints. Company may use Personal Data, as specified in 4.3.1, in the stated purposes or as stated in the consent form.

  • Contract base
  • When the data subject agrees to use the company’s services, the data subject shall provide personal data to the Company to process as prescribed in the Service Agreement in accordance with Section 24 (3) of the Personal Data Protection Act B.E. 2562

  • Consent base
  • As necessary, the Company may use the personal data for processing as part of the services and/or other company’s activities. The data subject can withdraw consent by contacting the company at

  • Legitimate Interest
  • The Company may use the personal data for processing as part of managing and preparing the necessary reports within the Company, maintaining standards or managing internal risk management, Internal Controls and Audits in accordance with Section 24 (5) of the Personal Data Protection Act B.E. 2562

  • Legal Obligation
  • The Company may use the personal data for processing for the purpose of processing the information in order to comply with the regulatory laws and regulations in accordance with section 24 (6) of the Personal Data Protection Act B.E. 2562

  • Type of Personal Data and Collection Period The company will process the data and set the time for collecting as follows:
  • Types of personal data
  • General personal data (non-sensitive data) is any information relating to a natural person, which enables the identification of such person, whether directly or indirectly, such as name, surname, address, telephone number, age, educational background, social status, physical appearance, etc.
  • Sensitive data is any personal data pertaining to racial or ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or of any data which may affect the data subject in the same manner
  • Data Retention Period
  • CAN shall retain and use Personal Data as long as necessary as prescribed in the service agreement and as required by law including any exceptions or special circumstances.

    If there are any concerns, data subject may notify to exercise the rights as prescribed in clause 4.5.

  • Review of Personal Data Necessary for Processing
  • CAN shall conduct a review to ensure that only necessary personal data are collected for processing.

  • Personal Data Disclosure

    The Company shall not disclose and transfer Personal Data to third party unless explicit consent is given, except where the laws prescribed the requirements such as government agencies, external auditors, etc.

  • Rights of Data Subjects The data subject has the rights to perform the following actions :
  • Right to withdraw consent — the data subject has the rights to withdraw consent to the processing of personal data at any time during the period that personal data is with the company.
  • Right of access — the data subject has the rights to access personal data that the company has.
  • Right to rectification – the data subject has the rights to request to correct any incorrect or incomplete data.
  • Right to erasure – the data subject has the rights to request to delete data with stated reasons.
  • Right to restriction of processing — the data subject has the rights to suspend the use of personal data for stated reasons.
  • Right to data portability — the data subject has the rights to transfer personal data that has been provided to the company to other data controllers or the data subject for stated reasons.
  • Right to object — the data subject has the rights to object to the processing of personal data for stated reasons.

  • Any request listed above the data subject must do so in writing and the Company will use its best efforts to do so within a reasonable period of time and not exceeding the time limit as required by laws. However, the Company reserves the right to not fulfill your request under the provisions of the laws and the refusal and the reason shall be recorded accordingly.

    The request to exercise the above rights such as to delete, destroy, suspend, request a transfer, objection, make the data anonymized or withdraw consent, may cause restrictions, limitations or disruptions on the company transactions or services as stated om the service agreements.

    In exercising the above rights, the company reserves the rights to charge any relevant and necessary fees that may incur in order to process the request accordingly.

  • Security
  • The Company has implemented standard measures to maintain the security of personal data appropriately to ensure the utmost protection of personal data such as prevention of wrongful loss of personal data, prevention of unauthorized access to personal data, prevention of misuse of personal data, prevention of wrong conversion and modification of personal data, prevention of illegal disclosure of personal data, recording visitors to the website (Log Files), setting rights and limitations on the rights to access personal data of employees, destruction of various storage media such as paper, flash drives, CD-DVDs, hard disks, etc., in order to prevent data loss, unauthorized access, destruction, use, conversion, modification or disclosure of personal data.

  • Involvement of Data Subjects
  • The Company will disclose personal data details only upon request from the data subject, and legal representatives through the request submission to The request will be processed within a reasonable time as specified by laws.

  • Changes to the Privacy Policy
  • The Company will review the Privacy Policy on a regular basis in order to comply with the guidelines, regulations and other relevant laws. In the event that there is a change in the Company’s policy, the information will be disseminated through the company’s website

  • Disclaimer
  • The Company reserves the rights to reject the request pursuant to Clause 4.5 in the following cases :

  • Compliance to the required laws and regulations to do so
  • Anonymized the personal data so that the individual identity is not revealed
  • No legal evidence to prove data ownership from the data subject or requestor
  • Illegitimate request such as no legal rights or no personal data available at the company, etc.

  • Personal Data Protection Officer
  • As required by Personal Data Protection Act B.E. 2562, the company has appointed a Data Protection Officer (DPO) to review the Company’s operations that are relating to the collection, usage and disclosure of personal data to comply to the required laws and regulations.

  • Contact Us
  • If there are any concerns or questions regarding PDPA @ CAN Innovation, please contact DPO (Data Protection Officer) at :
    Data Controller and the Personal Data Protection Officer (DPO)
    CAN Innovation Co., Ltd. (CAN) (Head Office)
    88/62-63 Soi Ramkhamhaeng 53,
    Plubpla, Wangthonglang, Bangkok 10310
    Telephone 02 514 2177