top of page

Privacy Policy

Blue River Products Company Limited respects the right to privacy and places importance on the protection of customer personal data, shareholders, employees, stakeholders and people who are related to the company. This is to ensure such persons will receive their rights protection in accordance with the Personal Data Protection Act 2019 and related laws with the following important issues:

1. Scope and Objectives

This privacy policy has the scope and purpose to protect personal data with stakeholders and people who are related to the company such as company employees, business partners, business alliances, suppliers, shareholders, creditors, debtors, consultants, service providers, website/app visitors, job candidates, employees' families, beneficiaries under life insurance policies, and referred persons in job applications.

2. Definition

2.1 Personal data: Data about an individual that enables identification either directly or indirectly, excluding deceased persons.
2.2 Sensitive Personal Data: Includes race, ethnicity, political opinions, religion, sexual behavior, criminal records, health data, disability, union data, genetic or biological data (fingerprints, facial scans, etc.), or other categories defined by law.
2.3 Owner of personal data: Any person whose data can be identified (customers, partners, employees, etc.).
2.4 Data processing: Actions on personal data (collection, usage, disclosure, update, deletion, destruction).
2.5 Personal Data Controller: Person or entity with authority to decide on the collection, usage, or disclosure of data.
2.6 Personal Data Processor: Person or entity acting under instructions to process data (e.g., cloud services).
2.7 Personal Data Protection Officer (DPO): Company-appointed officer as required by law.

3. Personal Data Protection

  • 3.1 Collection will be lawful, fair, and limited to necessary duration.

  • 3.2 Consent will be obtained electronically or via company methods. Sensitive data requires explicit consent unless exceptions apply.

  • 3.3 Sensitive personal data will only be collected when necessary and lawful.

4. Purposes for Collecting or Using Personal Data

  • 4.1 For company operations, service quality, and compliance with laws.

  • 4.2 No usage beyond the stated purpose unless new purposes are informed and consented.

  • 4.3 For access control, safety, disease prevention, and security.

  • 4.4 For procurement, distribution, and service provision.

  • 4.5 For financial and tax compliance.

  • 4.6 For raw materials promotion, farmer registration, employee management, product sales, and related activities.

5. Use or Disclosure of Personal Data

  • 5.1 No disclosure without consent except as stated.

  • 5.2 Disclosure may occur domestically or internationally for operational purposes, with confidentiality safeguards.

  • 5.3 Disclosure may occur when legally required (e.g., government agencies).

6. Security of Personal Data

  • 6.1 Preventive and security measures will be applied per laws and company policies.

  • 6.2 Employees will be trained and encouraged to comply with data protection policies.

7. Rights of the Personal Data Subject

Subjects have the right to request access, copies, consent withdrawal, objection, deletion, destruction, suspension, updates, and appeals, unless affecting others’ rights and liberties.

8. Quality of Personal Data

Data must be correct, up to date, and provide channels for correction.

9. Review and Change of Privacy Policy

The company will update and amend policies as necessary to comply with laws, operations, and feedback.

10. Personal Data Protection Officer

The company appoints a DPO to oversee compliance with the law regarding data collection, usage, and disclosure.

11. Roles and Responsibilities

11.1 Personal Data Controller

  • Secure data, review prevention measures, prevent unauthorized use/disclosure, delete data after retention period.

11.2 Personal Data Processor

  • Act per controller instructions, secure data, maintain processing records.

11.3 Personal Data Protection Officer (DPO)

  • Review controller/processor practices, ensure confidentiality, handle complaints and rights requests.

11.4 Executives and Supervisors

  • Monitor compliance, build awareness, control related agencies.

11.5 Employees

  • Follow policies, report unusual events or non-compliance.

Effective from: June 1, 2022
Announced on: May 25, 2022

bottom of page