Our Privacy Statement on the use of our websites and the Mercedes-Benz Group AG Data Protection Policy do not apply to your activities on the websites of social networks or other providers that can be accessed using the links on our websites. Please read the data protection provisions on the websites of those providers.
1. TYPE OF INFORMATION THAT WE COLLECT:
We collect Personal Data which identifies you as an individual, either directly or indirectly, that may be processed by us depending on the type of products or services we offer or provide which may include:
Identity Data: such as, first name, last name, nick name, title, date of birth, gender, marital status, education, work-related information (e.g., occupation, job title, company you work for), information on government-issued document (e.g., national identification number, passport number, driving license details, serial number of the identification documents), information to create your user profile (e.g., your username, password), signatures, photograph, copies and/or photographs from identification documents, personal verification result, and other identifiers.
Contact Data: such as, telephone number, mobile phone number, e-mail address, social media account, housing address, office address, billing address, delivery address, GPS location, country, information on household registration document, CCTV record on our premises, and other similar information.
Financial and Tax Data: such as, credit card number, credit card detail, bank account details, bank account statements, copies and/or photographs of front page of passbooks, tax identification number, tax filings, job industry, profession, professional certificate, data from salary statements or the Account Information Service (PSD2) and other payment information.
Credit Data: such as, external credit agency files on the data subject's creditworthiness and information on payment history for past financing agreements.
Preference Data: such as, lifestyles and interests (e.g., interests in specific vehicle models), spending behavior information, preferred dealer location, preferable products and services, preferred contact channels, preferred language(s), preferred service providers including financial services and insurance, and other Preference Data.
Corresponding Data: such as, feedbacks, comments, recommendations, chat logs, phone record, record over the phone conversation, corresponding emails, survey responses, survey scores, and other Corresponding Data.
Transaction Data: such as,
• Detail of products and services you have been quoted or purchased from us i.e. quotation date and location, inquired vehicle model, quoted price(s), date and location of purchase, purchase and/or order number, your financial service company, service recommendations and quotation, agreed services, appointment date for service, the service record and quotation, discounts and extra offers, etc.
• Detail about payment to and from you or your financial service company i.e. tax information, bank account, credit card detail, payment method, payment date and time, address and date and time for vehicle pick up or delivery, warranty details, complaints, claims, etc.
• Detail of your financial service application information i.e. application number, number of vehicles financed, contract number, term, financing product, your transaction and history including vehicle-related data (such as vehicle identification number, model, list price, age of vehicle), quotation, etc.
• Detail of third-party insurance and warranty transaction i.e. car insurance detail, car insurance claim detail and report, damages evidences, warranty detail for third party product and services, third party warranty claim detail, etc.
Vehicle Related Data: such as, vehicle identification number (VIN) (including chassis number, engine number, radio number, transmission number, commission number or any other similar vehicle identifiers), fleet identification number (FIN), information on license plate, information on vehicle registration book, vehicle model, mileage, engine capacity, nationality sign, your driving behaviors, and any other vehicle details.
Your Corporate Data: If you are a contact person of a legal entity or a fleet customer, we may also collect certain personal data, such as your current car(s), models, year of purchase, purchasing plan, and other information provided by you to us.
Our Identification Data: Detail of our own generated identification number i.e. Mercedes me ID, customer ID, lead ID, dealer ID, vendor ID or vendor group ID, contract number, dealer staff ID, vendor staff ID, your password, etc.
Device and Usage Data: such as, login data, credentials, browser type and version, operating system, time zone and language preference settings, approximate geographical information, details of the device you are using (e.g., IP address, name of your internet provider, device serial number, IMEI number, unique identification number, cookie ID), information about how you use our websites, mobile applications or other online portals (e.g., date of visit, time and length of visit, frequency of your visits, words you input to search for information, your interactions to features on our websites), the website from which you visit our websites, and the website after which you visit our websites.
Other Data: such as,
• Information that you provide to us as part of registration, contact form, competition for prize or other activities. For example, when you register for participation in our exclusive events, we may collect your personal data for arrangement of such events (such as, dietary requirements, food allergy, passport details, travel arrangement details, arrival and departure date/time, and other relevant information).
• Information that you provide to us in emergency situation. For example, car accident or malfunction, trauma status, relevant parties in the situation, your requests, your preferred customer service center, etc.
• Information from customer due diligence process e.g., personal data from financial intelligent units.
Sensitive Personal Data: personal data that legally categorized as sensitive, this may include biometric data (e.g., facial and/or fingerprint recognition data), certain information that may appear on identity documents that are required as supporting documents for relevant legal contracts (e.g., religious belief, race, blood type), we may collect your sensitive personal data only with your consent and/or where permissible by applicable laws. In the case where collection of the sensitive personal data, is inevitable, and does not serve our lawful basis, you agree to redact such sensitive personal data before providing such documents to us.
2. HOW ARE YOUR PERSONAL DATA COLLECTED?
We collect your personal data through various means including:
• Directly from you via off-line and online channels such as conversation with our staff or agent, contact with our call center, postal or delivery services, phone call, fax, email, our websites, social network pages, our official social network account, social media, our online connect application, our online store, our other online application, online chat room, vehicle's dashboard, CCTV at our premises, etc.
• Indirectly from the third parties, such as our business partners, including co-branded partners, vendors, insurance brokers, insurance companies, financial institutions, credit bureaus, alternative credit scoring agencies, auction houses, collections agency, regulatory agencies, financial intelligent units, call center operators engaged by us, marketing services providers, your authorized representatives, your relatives or related person, our customers, and etc.;
• Indirectly from authoritative sources owing to the digital identification process;
• Indirectly from publicly available sources, such as media, your public profile on third party social network platforms, published government data, company registration from authority, and any other public sources;
• Indirectly from one of us as we may share your personal data among us.
• Indirectly, when you are added as an emergency contact, from our customers.
3. HOW DO WE USE YOUR PERSONAL DATA?
We may process your Personal Data under at least a lawful basis in each activity. We collect, use or disclose your Personal Data under the following circumstances:
3.1 CONTRACTUAL BASIS:
• Perform contract signing, fulfil our contractual obligation, or demand with you or our corporate customer which involves you as the relevant person of the corporate customer.
• Process, manage and administer orders for vehicle, vehicle parts, accessories, in-car services, online-services, after-sale services, payments, fees, and discounts, (if any).
• Process and perform our warranty or third-party warranty obligations to you, for example, warranty registration, and facilitation of warranty claims for certain vehicle parts (such as, tires, window films, etc.)
• Process, manage, and administer related insurance policy, insurance claims for your vehicle and our aftersales services.
• Communicate with you about our sites, services or performance of our obligations under contract with you or vice versa such as proceeding or following up with payment under the relevant contracts, warranty, or insurance policies.
• Create and maintain online accounts for you.
• Provide benefit to members of our loyalty program.
• Process subsidy charge requests by our affiliates.
In addition, for financial service customers:
• Process your requests for products and services such as conducting credit and collateral check.
• Perform daily operation with you (e.g. process with business partner account opening, process with payment to the existing business partner, verify authorization of the authorized signatory(ies) and collect as supporting evidence for entering a contract).
3.2 LEGAL & REGULARTORY COMPLIANCE BASIS:
• Perform Know-Your-Customer (KYC) and Customer Due Diligence (CDD) including verification against the Sanction Lists of the applicable authorities.
• Comply with our internal policies, applicable laws, regulations, and regulatory guidelines, including but not limited to liaising and interacting with and responding to law enforcement agency, court, regulator and/or any other government authority.
• Complete vehicle registration with the relevant government authorities (such as, Department of Land Transport).
• Manage vehicle return/recall and related activities, for example, notification to you on product recall for safety reason, and vehicle buyback.
• Process and facilitate your request for change of information and VIN reassignment, for example, to create a credit note.
In addition, for financial service customers:
• Report your information to credit bureau agencies.
3.3 LEGITIMATE INTEREST BASIS:
• Perform our day-to-day operations including accounting works, cross-validating information in our organization(s) and/or with our business partners and preparing various reports and surveys.
• Handle inquiries, requests, complains and claims made by you or us, for example, processing claims for damages, legal review, legal claim, debt collection, vehicle repossession (if any).
• Arrange test drives via our website, online platforms, or our Retail Partner network.
• Carry out authentication, access controls and logs where applicable, monitoring of system, devices and internet, ensuring IT security and IT operations, preventing and solving crimes, as well as risk management and fraud prevention.
• Conduct research and data analytics for improvement of our existing products and services or for development of new products and services by using anonymized and aggregated data.
• Conduct survey on our products and services, including our Retail Partner’s services.
• Maintain relationships with you such as organizing meetings or sending gifts.
• Security reasons (e.g. record of CCTV footage or access card will be used for detection and prevention of crime; detection and prevention of safety incidents; detection and prevention of unauthorized access to our premises and restricted areas; detection and prevention of gross misconduct; supporting safety, security and internal investigations; supporting criminal investigations)
• Use in our internal daily business management and performance assessment.
• Conduct internal or external audit activities.
In addition, for financial service customers:
• Perform Risk Management activities by using your data in order to create risk models, perform various analysis, make risk situation transparent and steer among us. Such processing includes but is not limited to;
o Development of risk instruments that are used to determine customer creditworthiness, and thereby minimize the financial risk through an appropriate credit decision.
o Calibration of risk provisioning parameter and monthly provisioning calculation as a requirement under the accounting standard (IFRS9) and other applicable accounting standards.
o Planning activities with regards to forecasting as well as simulations of developments.
o Risk steering among our financial business entities which includes: calibration of risk parameter, economic capital calculation, risk adjusted profitability steering.
o Reporting, e.g. monitoring the development of number of sales as well as financing and leasing contracts per vehicle model, monitoring of profitability, monitoring of the share of “green financing” (electric vehicles), monitoring the development of risk KPIs such as delinquencies, credit losses, provisions, quality of the acquisitions, monitoring the performance of the different risk models, etc.
o Market risk analysis especially interest rate and liquidity risk management for the purposes of asset and liability management.
• Use the data for the calibration of risk provisioning parameters, monthly calculation of provisions and risk KPIs, forecasting the cost of credit risk as part of the plan-is comparison processes, economic capital parameter calibration and calculation, risk adjusted profitability steering, creation of various reports and dashboards and market risk analysis, such as interest rate and liquidity risk management.
• Build precise risk models, makes risk situation transparent, gains specific knowledge about its portfolio, steers the company and perform efficient risk management so that the management can protect the economic interests of our financial services business.
• Keep depository of vehicle registration books of the vehicles under our ownership that may contain your personal data as a possessor.
• Perform and process vehicle tax renewal of the vehicles under our ownership that may contain your personal data as a possessor in the vehicle registration books.
3.4 CONSENT BASIS:
For the Consent Basis, we will use your personal data if you provide us consent.
• Perform customer verification using biometrics recognition technology with your explicit consent for the purpose of relevant electronic Know-Your-Customer, electronic signatures, and electronic consents.
• Provide you with marketing communications, offers, or other information relating to our products and services.
• Create, analyze, and/or integrate customer profiles for marketing purpose, for examples, carry out or adjust marketing campaigns, data analysis to personalize the marketing campaign specifically for you, contact you for the marketing purpose, remarketing, etc.
• Offer a variety of products or services that may not be similar to the products or services we have offered to you but should match your interests by creating personalized promotions and communicate with you about our brands, products, services or events as a result of such personalized marketing including co-branded and affiliate offers and business partner offers.
• Sharing your personal data with our Third-Party business partners for you to explore interesting opportunities and offers.
• Organize a marketing event relating to products or services with an opt-out option provided.
• Provide special offers to our eligible customers (such as, special gifts, premium vouchers).
In addition, for financial service customers:
• Process your information regarding credit model.
If we may use your personal data outside of the scope described above, we will inform you the new purpose separately as soon as possible.
When we need to collect your personal data as required by law, or for entering into or performing the contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with products or services). In this case, we may be unable to provide you with products or services and may have to cancel such products or services.
4. WHOM DO WE SHARE YOUR PERSONAL DATA WITH?
• We share your personal data for the purposes set out in section 3 above. We share your personal data among us i.e. Mercedes-Benz (Thailand) Limited, Mercedes-Benz Mobility (Thailand) Limited, Mercedes-Benz Group AG and its subsidiary and affiliate companies, our Retail Partner network (click here to see the current list).
• We share your data to our third party service providers engaged by us (e.g., subcontractor for the aftersales services, call center service operators, roadside assistance providers, emergency assistance providers, Mercedes-Benz Group data center, customer survey service providers, marketing agencies, organizers of events, label printing company, banking service provider, credit card service providers, payment service providers, external auditor, law firm, customs service provider, legal service provider, collection agencies, IT support service provider, website hosting service providers, social media, online forum service provider, direct communication service provider, mailing and postal services, etc.)
• We share your personal data with our business partners (e.g., credit card issuer, financial institutes, banks, insurance agents, insurance companies, car film companies, car cleaning and waxing companies, wrapping service companies, tire companies, any other car accessory company, etc.) subjected to your consent.
• In some cases, we may share your personal data to any government authority, law enforcement agency, court, regulator, or other third party where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individual’s personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues, or credit information.
• In the event of a merger, acquisition, financing, sale of assets or any other situation involving the transfer of some or all of our business assets, we may disclose your Personal Data to those involved in the negotiation or transfer. If a change happens to our business, the part of our business that is (as the case may be) sold, acquired or merged, such entity may process your Personal Data in the same way as set out in this Notice.
• We may share your Personal Data with any other person who is under a duty of confidentiality to us.
• We may share your information in a way that does not directly identify you (e.g. anonymized data or aggregated data) for statistical analysis and other business purposes.
5. DO WE TRANSFER YOUR PERSONAL DATA OVERSEAS?
We need to transfer your personal data outside Thailand to third countries which may have a higher or lower level of data protection standards than in Thailand, such as when we store your personal data on cloud platforms located outside Thailand.
When it is necessary to transfer your personal data to a third country with a level of data protection standards lower than in Thailand or unrecognized as equal personal data protection country by the relevant Thai authority, we will ensure an adequate degree of protection is afforded to the transferred personal data or that the transfer is otherwise permitted in accordance with the applicable data protection law. We may, for example, obtain contractual assurances from any third party given access to the transferred personal data or establish binding corporate rule that such data will be protected by data protection standards which are equivalent to those required in Thailand.
If you wish to seek further information about how we protect your personal data when it is transferred outside Thailand, please contact us at the address in “Contact us” section.
6. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
Your Personal Data processed for the purposes hereunder will be stored only to the extent necessary during the term of your participation in the services with us, for the period necessary to fulfil the purposes outlined in this, including during a transition period (e.g. for the compliance of our obligations regarding data retention as established in applicable laws), or responding to legal claims or regulatory requests (if any).
In principle, we will retain your Personal Data as long as required, permitted by applicable law, or for a certain period after you withdraw your consent while there is no other legal basis. For instance, most of our customer’s, guarantor’s and/or business partner’s data is kept for the duration of the contractual relationship and maximum of 10.5 years after the end of the contractual relationship in accordance with general statute of limitation under Thai law. For non-contractual related customer or lead, your data will be kept for maximum of 13 months from your last activity to ensure that you will no longer revert to us. If you provide us a consent, your personal data will be kept as active until you revoke the consent without another activity.
When Personal Data is no longer needed, or in any event, after legal authority to retain it has expired, we will remove your Personal Data from our systems and records and/or take steps to properly anonymize or pseudonymize it.
For financial service customers, the personal data used for the Risk Management processes is stored as long as the legitimate interest under the relevant law persists. The legitimate interest ends when the contractual agreement between the customer and us ends. Three exceptions apply here:
• Retention period is prolonged if outstanding payments are expected from the customer, for example if the customer is involved in collection processes and the vehicle(s) have to be repossessed or they are stolen, etc.
• In accordance with Thai law and notifications issued thereunder, booking relevant data is kept up to 10 years.
• For the purposes of development and reporting, the data from credit checks is processed and joined with information on your payment history. In case no contract comes into force, data is anonymized upon cancellation of your application.
7. YOUR RIGHTS:
The rights in this section are your legal rights, where you may request exercise of these rights under the conditions prescribed by law and our right management procedures. These rights are as follows:
• To request access, obtain a copy of your personal data, or for the disclosure of the acquisition of your personal data that is obtained without your consent.
• To have your personal data corrected, if it is inaccurate or not up to date, which will help us comply with our obligation to have up-to-date data about you.
• To have your personal data erased, destroyed or anonymized.
• To request us to provide your personal data in a structured, commonly used and machine-readable format, and transmit it to another organization.
• To object to us or restrict us from collecting, using, or disclosing your personal data.
• To withdraw consent for collection, use, or disclosure of your personal data that is based on your consent at any time. If you opt out of receiving promotional communications from us, we may still send you non-promotional communications such as emails about your accounts or our ongoing business relations.
• To file a complaint with the responsible data protection supervisory authority when we, our staff or our service providers violate or fail to comply with the relevant law or notifications issued thereunder.
For financial service applicants, you have the rights to have the automated decision reviewed manually. You can also present your own opinion and contest the decision.
To exercise any of these rights in this section, you may contact us at the address in “Contact us” section.
Your request for exercising any of the above rights may be limited by the applicable laws. There may be certain cases where we can reasonably and lawfully decline your request, for example, due to our legal obligation or court order. If we decline your request under this section, we will notify you of our reason.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your information (or to exercise any of your other rights). This is a security measure to ensure that your information is not disclosed to any person who has no right to receive it. Please include a scan/copy of your proof of identity for identification purpose when required.
You will not have to pay a fee to access your information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We try to respond to all legitimate requests within 30 days. Occasionally it may take us longer than 30 days if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
If you believe our collection, use or disclosure of your personal data is in violation of the applicable data protection law, you have the right to lodge a complaint to the competent data protection authority, where applicable. We would, however, appreciate the chance to deal with your concerns before you approach the authority, so please contact us in the first instance.
We encourage you to look for updates and changes to this policy by checking the date of our policy when you visit our sites.
9. OTHERS AND INTERIM MEASURE:
9.1 HOW WE SECURE YOUR PERSONAL DATA?
We take reasonable steps to maintain appropriate physical, technical and administrative security to help prevent loss, misuse, unauthorized access, disclosure or modification of Personal Data.
While we take these reasonable efforts to safeguard your Personal Data, no system or transmission of data over the internet or any other public network can be guaranteed to be absolutely secure. You are responsible for protecting your password(s) and maintaining the security of your devices.
9.2 IF YOU ARE A MINOR:
We welcome everyone to become our valued customer and to become part of our community. However, if you are under the age of 20, additional consent from your legal guardian is required prior to using our services or having any interactions with us by any means.
9.3 YOUR PRIOR CONSENT:
Please be hereby informed that your marketing consent that you provided to one of us ( Mercedes-Benz (Thailand) Limited, Mercedes-Benz Mobility (Thailand) Limited, our affiliates companies under the Mercedes-Benz Group AG, and our Mercedes-Benz Retail Partner network) shall be deemed as consents for the following activities:
• Mercedes-Benz Exclusive Offers, and Personalized Marketing Communications: You will receive information and recommendations about products and services of Mercedes-Benz from Mercedes-Benz Group and Retail Partner network. Your data can be processed overseas and used for research and data analytics to develop and/or improve Mercedes-Benz products and services.
• Recommendation to our Third-Party Business Partners: You will be recommended for Third-Party Business Partners to explore interesting opportunities and offers. You permit Mercedes-Benz Group and Retail Partner network to transfer my personal data to and to be contacted directly by the selected Third-Party business partners. In most cases, our Third-Party Business Partner will contact you directly to collect your personal data and ask for your consent from you directly and separately.
Third-Party Business Partners include (1) a bank or a credit card service company for recommendation of our Mercedes credit card with exclusive benefits for Mercedes-Benz car purchasers; (2) banks or financial institutions for financial service offers and liaison; (3) insurance companies for car insurance offers, insurance claim, or performance of contractual obligations; (4) third party suppliers for contractual purpose to fulfill our obligations and warranty including but not limited to car film companies, car wrap service, car cleaner & wax service, and any other selected business partners.
In case you want to withdraw these consents, please contact us and exercise your rights.
9.4 COOKIES USAGE:
You can find our Cookies usage and change your Cookies preference via the link below:
10. CONTACT US:
For change of your personal data and the consent, please contact our Mercedes-Benz Call Center at 1250, email us at email@example.com, or directly contact your authorized Mercedes-Benz dealer or service center.
For exercise your other rights, please contact the channels above or Thailand Data Protection Officer at firstname.lastname@example.org
Mercedes-Benz (Thailand) Limited:
AIA Sathorn Tower,
20th Floor 11/1 South Sathorn Road,
Yannawa, Sathorn, Bangkok, Thailand 10120
Mercedes-Benz Mobility (Thailand) Co., Ltd:
AIA Sathorn Tower,
19th Floor 11/1 South Sathorn Road,
Yannawa, Sathorn, Bangkok, Thailand 10120
Mercedes-Benz Group AG:
Mercedes me Privacy Center
Tel.: +49 711 17 - 0
Authorized Mercedes-Benz Dealer & Service Center Network in Thailand:
[link to our dealer list]
Last update: February 2024