Privacy Policy
Stars Microelectronics is an electronics manufacturing services (EMS)
Privacy Policy
In cases where the Company is required to collect your personal data for contractual compliance, legal obligations, or the necessity of entering into a contract, if you refuse to provide such personal data or object to the processing for the intended purpose of the activity, it may result in the Company being unable to fully or partially carry out the requested actions or services.
15. Inquiries and Exercising Your Rights
Privacy Notice
Stars Microelectronics (Thailand) Public Company Limited
Stars Microelectronics (Thailand) Public Company Limited
1. Introduction
Stars Microelectronics (Thailand) Public Company Limited, hereinafter referred to as the "Company," places great importance on the privacy of employees, service users, and all related individuals. To ensure that the Company has fully implemented measures for the protection of personal data in accordance with the Personal Data Protection Act B.E. 2562 (2019), the Company has established the following policies and guidelines for the management of personal data.
2. Scope of Policy Enforcement
This policy applies to the personal data of individuals who have a relationship with the Company, both currently and in the future, and whose personal data is processed by the Company, its officers, contracted employees, business units, or other entities operated by the Company. It also extends to contractors or external parties that process personal data on behalf of or in the name of the Company ("Personal Data Processors") under various products and services, such as websites, systems, applications, documents, or other services managed by the Company.
Individuals who have a relationship with the Company, as mentioned in the first paragraph, include:
1) Individual customers
2) Officers, workers, or employees
3) Business partners and service providers who are individuals
4) Directors, Attorney, representatives, agents, shareholders, employees, or other individuals with a similar relationship to legal entities associated with the Company
5) Users of the Company's products or services
6) Visitors or users of the website www.starsmicro.com, which is managed by the Company In addition to this policy, the Company may issue a Privacy Notice ("Notice") for specific products or services to inform data subjects who use the Company's services about the personal data being processed, the legitimate purposes and legal basis for processing, the retention period of personal data, and the rights of data subjects regarding their personal data.
In the event of a material conflict between the contents of the Privacy Notice and this policy, the provisions in the Privacy Notice for that service shall prevail.
Individuals who have a relationship with the Company, as mentioned in the first paragraph, include:
1) Individual customers
2) Officers, workers, or employees
3) Business partners and service providers who are individuals
4) Directors, Attorney, representatives, agents, shareholders, employees, or other individuals with a similar relationship to legal entities associated with the Company
5) Users of the Company's products or services
6) Visitors or users of the website www.starsmicro.com, which is managed by the Company In addition to this policy, the Company may issue a Privacy Notice ("Notice") for specific products or services to inform data subjects who use the Company's services about the personal data being processed, the legitimate purposes and legal basis for processing, the retention period of personal data, and the rights of data subjects regarding their personal data.
In the event of a material conflict between the contents of the Privacy Notice and this policy, the provisions in the Privacy Notice for that service shall prevail.
3. Type of Personal Data Collected by the Company
Personal data or personal information refers to any information related to an individual that can be used to identify that person. It does not include data that has been anonymized (anonymous data).
The Company may collect, use, store, and transfer various types of personal data, which have been categorized as follows:
The Company may collect, use, store, and transfer various types of personal data, which have been categorized as follows:
| Category | Details and Example |
| Identity Data | Includes, but is not limited to, first name, last name, username or similar identifiers, title, date of birth, and other personal details. |
| Contact Data | Includes billing address, residential address, email address, and phone number. |
| Financial Data | Includes details of bank accounts and payment information. |
| Transaction Data | Includes details of payments made to or received from you, as well as financial information and identity verification documents (e.g., bank account numbers). |
| Technical Data | Generally referred to as online identifiers, including Internet Protocol (IP) address, unique mobile device identifiers (e.g., MAC Address, Identifier for Advertising (IDFA), and/or International Mobile Equipment Identity (IMEI)), device type, login details, browser type and version, time zone settings, geographic location, browser plugin types and versions, operating system and platform, as well as other technologies required to access this website. |
| Educational Data | Includes login details, entrance exams, academic records, disciplinary records, other educational records, references, scripts, and exam scores. |
| Usage Data | Includes information about how you use the Company’s website and services, educational and employment-related data, images, audio recordings, video recordings, or CCTV footage. |
| Marketing and Communication Data | ncludes your preferences regarding receiving marketing information from third parties and the Company, information about the Company's products, and your communication preferences. |
| Sensitive Personal Data | Includes your sensitive personal information, such as race, religious beliefs, disability status, political opinions, criminal history, biometric data (e.g., facial recognition data), and health-related information. |
4. Sources of Personal Data Collected by the Company
The Company primarily collects personal data directly from the data subjects. However, in some cases, the Company may collect data from third parties (e.g., directors, references, or previous employers) or publicly accessible sources. The Company may also collect your data in the following circumstances:
1) You request a visit to the Company as planned.
2) You register to participate (or have participated) in an event organized by the Company.
3) You visit the Company's website or social media platforms.
4) You subscribe to receive emails, newsletters, and/or prospectuses from the Company.
5) You express interest in working for or collaborating with the Company.
6) You are employed by an organization that is a key business partner of the Company.
1) You request a visit to the Company as planned.
2) You register to participate (or have participated) in an event organized by the Company.
3) You visit the Company's website or social media platforms.
4) You subscribe to receive emails, newsletters, and/or prospectuses from the Company.
5) You express interest in working for or collaborating with the Company.
6) You are employed by an organization that is a key business partner of the Company.
5. Legal Basis for Collecting Personal Data
The Company determines the legal basis for collecting your personal data based on appropriateness and the context of the service provided. The legal bases used by the Company for collecting personal data include:
| Legal Basis for Data Collection | Details |
| For the Performance of a Task for Public Interest or the Exercise of Official Authority Granted to the Company | The Company is authorized to exercise official authority and carry out tasks for the public interest in accordance with its legal mandates, such as:
|
| For Compliance with Legal Obligations | The Company is also required to comply with laws governing its operations, such as:
|
| Legal Necessity for Legitimate Interests | For the legitimate interests of the Company and other individuals, such interests are no less important than the fundamental rights to personal data of the data subject. For example, ensuring the security of the Company’s premises or processing personal data for the Company’s internal operations. |
| Necessity for Preventing or Mitigating Harm to Life, Body, or Health | To prevent or mitigate harm to an individual’s life, body, or health, such as providing an application for epidemic monitoring in accordance with government policies. |
| For Contractual Compliance | To enable the Company to fulfill its contractual obligations or undertake necessary actions related to entering a contract in which you are a party. Examples include employment contracts, service agreements, memorandums of understanding, or other forms of contracts. |
| For Historical, Research, or Statistical Documentation | To enable the Company to prepare or support the preparation of historical records, research, or statistical data as required. For example, compiling a directory of directors or committee members, gathering statistics on the use of digital government services, or monitoring the implementation of digital government policies. |
| Your Consent | For the collection, use, or disclosure of personal data in cases where the Company is required to obtain your consent, having first informed you of the purpose of such collection, use, or disclosure. Examples include the collection of sensitive personal data for purposes not covered under the exemptions of Sections 24 or 26 of the Personal Data Protection Act B.E. 2562 (2019), or presenting and promoting products and services of business partners or contractual affiliates to you. |
In cases where the Company is required to collect your personal data for contractual compliance, legal obligations, or the necessity of entering into a contract, if you refuse to provide such personal data or object to the processing for the intended purpose of the activity, it may result in the Company being unable to fully or partially carry out the requested actions or services.
6.Cookies
The Company collects and uses cookies, as well as other similar technologies, on websites under the Company's management, such as www.starsmicro.com, or on your devices depending on the services you use. This is to ensure the security of the Company's services and to provide you, as a user, with convenience and a better experience when using the Company's services. This information will also be used to improve the Company's website to better suit your needs. You can configure or delete cookies yourself through your web browser settings.
7.Purpose of Collecting Personal Data
The Company will obtain your consent in writing or through the website and will use the personal data received from you for the purposes, with necessity and appropriateness as required by law. Purposes for which the Company will use your personal data:
| Purpose/Activity | Type of Personal Data | Legal Basis for Collection,Use,or Disclosure |
| Inquiry, Selection, and Recruitment | • Identity Information • Contact Information | • Performance of a contract |
| • Technical Information • Academic Information • Usage Information | • Consent from the data subjec | |
| Preparation and Notification of Training Programs | • Identity Information • Contact Information • Technical Information • Academic Information • Usage Information | • Performance of a contract • Consent from the data subject |
| Protection of employee welfare and provision of holistic health care benefits, services, and support. | • Identity Information • Contact Information • Academic Information • Sensitive Information | • Performance of a contract • Consent from the data subject |
| Compliance with legal and | • Identity Information | • Legal obligation |
| regulatory requirements. | • Contact Information • Technical Information • Academic Information • Usage Information • Financial Information • Transaction Information | |
| Management of operations, including employee record-keeping, invoice and fee administration, accounting, asset management, and security agreement management (including the use of CCTV and monitoring of the company’s IT and communication systems, in accordance with IT and communication facility usage policies). | • Identity Information • Contact Information • Technical Information • Academic Information • Usage Information • Financial Information • Transaction Information | • Performance of a contract • Consent from the data subject• Necessary for the company’s legitimate interest in maintaining security • Vital interest |
| Employee management, including recruitment/hiring of contractors, payroll and pension administration, sick leave, performance evaluation, handling of complaints, competency assessments, disciplinary procedures, and maintaining appropriate HR records for current and former employees, including reference documentation. | • Identity Information • Contact Information • Technical Information • Academic Information • Usage Information • Sensitive Information • Financial Information • Transaction Information | • Performance of a contract • Consent from the data subject |
| Maintaining employee relations. | • Identity Information • Contact Information | • Necessary for the company’s legitimate interest in maintaining various relationships |
| Preserving historical and memorable records related to employee history | • Identity Information • Contact Information • Academic Information | • Necessary for the company’s legitimate interest in retaining company records |
| Managing the relationship between the company and employees, including: a) Notifying employees of changes to company privacy policies and terms. b) Requesting employees to participate in reviews or surveys. | • Identity Information • Contact Information • Marketing and Communication Information | • Performance of a contract • Legal obligation • Necessary for the company’s legitimate interest in updating company records and tracking how customers use the company’s services. |
| Managing and protecting the company and its website, including troubleshooting, data analysis, testing, system maintenance, support, reporting, and data storage. | • Identity Information • Contact Information • Technical Information • Transaction Information • Usage Information • Academic Information | • Performance of a contract • Necessary for the company’s legitimate interest in conducting its business, providing IT administration and network security services, preventing fraud, and in the context of business improvements or corporate restructuring. • Legal obligation • Necessary for the company’s legitimate interest in detecting or preventing illegal activities. |
| Use data analysis to improve the company's website, products/services, marketing, customer relationships, and overall experience. | • Technical Information • Usage Information • Marketing and Communication Information | • Necessary for the company’s legitimate interest in identifying customer segments for the company’s products and services, keeping the company’s website up to date and aligned, developing the company’s business, and informing about the company’s marketing strategies. |
| Process your job application submitted for employment with the company. | • Identity Information • Contact Information • Sensitive Information | • Necessary for the company’s legitimate interest in recruiting employees for vacant positions and sourcing candidates. • Performance of a contract |
8. Categories of Entities to Whom the Company Discloses Your Personal Data
Under the purposes specified in Section 9 above, the Company may disclose your personal data to the following entities. The types of recipients listed below serve as a general framework for the Company’s disclosure of personal data. Only those relevant to the products or services you use or engage with will be applicable.
1) The Company will keep your personal data confidential and does not have a policy to sell your personal data to external parties. If the Company is legally required to disclose your personal data, it will only disclose it to authorized people or entities as necessary. The Company may share your personal data with the external parties mentioned below to fulfill the objectives outlined in the table above.
2) The Company’s affiliates and/or authorized personnel acting on behalf of the Company.
3) Service providers, such as agents, travel agencies, contractors, consultants, financial institutions, cloud service providers, marketing companies, and IT development firms. These entities may be located domestically or internationally, and all relevant parties will enter contracts with the Company.
4) Government agencies or regulatory authorities to comply with legal obligations or official requests.
5) The Company may acquire or merge with other businesses or sell part or all its operations. In the event of such changes, your personal data may be disclosed to advisors and prospective buyers or partners. Any new owners or partners will use your personal data in the same manner specified in this privacy policy, unless explicitly permitted or required otherwise by law or regulations.
6) The Company requires all external parties to respect the security of your personal data and process it in compliance with legal requirements. The Company does not permit third-party service providers to use your personal data for their own purposes and only allows them to process your data for specified purposes in accordance with the Company’s instructions. All external partners acting as data processors are selected through the Company’s third-party due diligence process and are bound by data processing agreements with the Company.
1) The Company will keep your personal data confidential and does not have a policy to sell your personal data to external parties. If the Company is legally required to disclose your personal data, it will only disclose it to authorized people or entities as necessary. The Company may share your personal data with the external parties mentioned below to fulfill the objectives outlined in the table above.
2) The Company’s affiliates and/or authorized personnel acting on behalf of the Company.
3) Service providers, such as agents, travel agencies, contractors, consultants, financial institutions, cloud service providers, marketing companies, and IT development firms. These entities may be located domestically or internationally, and all relevant parties will enter contracts with the Company.
4) Government agencies or regulatory authorities to comply with legal obligations or official requests.
5) The Company may acquire or merge with other businesses or sell part or all its operations. In the event of such changes, your personal data may be disclosed to advisors and prospective buyers or partners. Any new owners or partners will use your personal data in the same manner specified in this privacy policy, unless explicitly permitted or required otherwise by law or regulations.
6) The Company requires all external parties to respect the security of your personal data and process it in compliance with legal requirements. The Company does not permit third-party service providers to use your personal data for their own purposes and only allows them to process your data for specified purposes in accordance with the Company’s instructions. All external partners acting as data processors are selected through the Company’s third-party due diligence process and are bound by data processing agreements with the Company.
9. Transfer of Personal Data to Foreign Countries
The Company may transfer personal data abroad, ensuring that the destination country or recipient organization has adequate data protection standards and/or privacy policies in place.
10. Retention Period of Your Personal Data
The Company will retain your personal data only for as long as necessary to fulfill the purposes stated in this policy, unless there is a legal requirement to retain it for other reasons, such as compliance with laws or resolving disputes. In such cases, the Company may be required to retain the data beyond the stated period.
11. Security Measures for Personal Data Protection
The Company has established appropriate security measures to prevent the loss, unauthorized access, use, alteration, modification, or disclosure of personal data, in compliance with its information security policies and applicable laws.
If the Company engages external parties to collect, use, or disclose personal data, it will require them to maintain confidentiality and security, ensuring that the data is not used, collected, or disclosed beyond the agreed scope or in violation of the law.
If the Company engages external parties to collect, use, or disclose personal data, it will require them to maintain confidentiality and security, ensuring that the data is not used, collected, or disclosed beyond the agreed scope or in violation of the law.
12. Data Protection Officer
The Company has appointed a Data Protection Officer (DPO) to oversee, monitor, and provide guidance on the collection, use, or disclosure of personal data. The DPO also coordinates and cooperates with the Personal Data Protection Committee to ensure compliance with the Personal Data Protection Act B.E. 2562 (2019).
13. Your Rights Under the Personal Data Protection Act B.E. 2562 (2019)
The Personal Data Protection Act B.E. 2562 (2019) establishes various rights for data subjects. These rights will take effect once the relevant provisions of the law become enforceable. The details of these rights are as follows:
- Right to Access Personal Data You have the right to request access to, obtain a copy of, and request disclosure of the source of your personal data collected by the Company without your consent, except where the Company has the right to refuse such a request under legal grounds or a court order, or where exercising your right may adversely affect the rights and freedoms of others.
- Right to Rectify Personal Data If you find that your personal data is inaccurate, incomplete, or outdated, you have the right to request a correction to ensure that your data is accurate, up-to-date, complete, and not misleading.
- Right to Erasure or Destruction of Personal Data You have the right to request that the Company delete or destroy your personal data or anonymize it so that it can no longer identify you. However, the exercise of this right must comply with the conditions prescribed by law.
- Right to Restrict Processing of Personal Data You have the right to request a restriction on the processing of your personal data in the following cases: a) While the Company is verifying your request to correct inaccurate, incomplete, or outdated personal data. b) When your personal data has been unlawfully collected, used, or disclosed c) When your personal data is no longer necessary for the original purposes stated by the Company, but you wish for the Company to continue retaining the data for the establishment, exercise, or defense of legal claims.d) While the Company is verifying the legal grounds for collecting your personal data or assessing the necessity of processing your data for public interest purposes after you have exercised your right to object to the processing of your personal data.
- Right to Object to the Processing of Personal Data You have the right to object to the collection, use, or disclosure of your personal data, except where the Company has legal grounds to reject your request (e.g., the Company can demonstrate that it has overriding legitimate grounds for processing your data, or that processing is necessary for legal claims, compliance with legal obligations, or the public interest).
- Right to Withdraw Consent If you have previously given consent for the Company to collect, use, or disclose your personal data (whether before or after the Personal Data Protection Act B.E. 2562 (2019) came into effect), you have the right to withdraw your consent at any time while the Company continues to retain your personal data. However, this right may be subject to legal restrictions requiring the Company to retain the data, or contractual obligations between you and the Company that provide benefits to you.
- Right to Data Portability You have the right to request your personal data from the Company in a format that is commonly readable and usable by automated tools or devices. This data should be transferable and capable of being processed through automated means. You may also request that the Company send or transfer your personal data in such a format to another data controller. However, the exercise of this right is subject to conditions prescribed by law.
14. Updates and Amendments to the Privacy Policy
The Company may review, amend, or modify this policy as deemed appropriate and will notify you via the website www.starsmicro.com, with the effective date of each revised version indicated. However, the Company recommends that you regularly check for updates to the policy via the application or specific channels related to Company activities, particularly before disclosing your personal data to the Company.
By continuing to use the Company’s products or services after the enforcement of a new policy, you acknowledge and accept the terms of the updated policy. If you disagree with the details of the revised policy, please discontinue using the services and contact the Company for further clarification.
The Company may review, amend, or modify this policy as deemed appropriate and will notify you via the website www.starsmicro.com, with the effective date of each revised version indicated. However, the Company recommends that you regularly check for updates to the policy via the application or specific channels related to Company activities, particularly before disclosing your personal data to the Company.
By continuing to use the Company’s products or services after the enforcement of a new policy, you acknowledge and accept the terms of the updated policy. If you disagree with the details of the revised policy, please discontinue using the services and contact the Company for further clarification.
15. Inquiries and Exercising Your Rights
If you have any questions, suggestions, or concerns regarding the Company’s collection, use, and disclosure of personal data or this policy, or if you wish to exercise your rights under data protection laws, you may contact:
1) Data Controller
Name: Stars Microelectronics (Thailand) Public Company Limited
Contact Address: 605-606 Moo 2, Bang Pa-In Industrial Estate, Klong Jik Subdistrict, Bang Pa-In District, Phra Nakhon Si Ayutthaya 13160, Thailand
- Email Contact: [email protected]
- Phone Contact: 02-612-6060
2) Data Protection Officer: DPO
Contact Address: 605-606 Moo 2, Bang Pa-In Industrial Estate, Klong Jik Subdistrict, Bang Pa-In District, Phra Nakhon Si Ayutthaya 13160, Thailand
- Email Contact: [email protected]
1) Data Controller
Name: Stars Microelectronics (Thailand) Public Company Limited
Contact Address: 605-606 Moo 2, Bang Pa-In Industrial Estate, Klong Jik Subdistrict, Bang Pa-In District, Phra Nakhon Si Ayutthaya 13160, Thailand
- Email Contact: [email protected]
- Phone Contact: 02-612-6060
2) Data Protection Officer: DPO
Contact Address: 605-606 Moo 2, Bang Pa-In Industrial Estate, Klong Jik Subdistrict, Bang Pa-In District, Phra Nakhon Si Ayutthaya 13160, Thailand
- Email Contact: [email protected]