1. Information We Collect
The OCM application collects only the minimum information necessary to provide its core functionality:
- Authentication credentials — Username and password used to sign in via the Excise Department's Single Sign-On (SSO) system. These credentials are not stored locally on your device.
- Biometric data Device-only — If you choose to enable fingerprint login, your biometric data is processed entirely by your device's operating system (Android Biometric API). The application does not access, store, or transmit your biometric data in any form.
- Oil transaction data — Records related to oil inflow/outflow from industrial facilities (e.g., document type, date, transport method, reference number) that you access or submit through the app. This data is transmitted securely to the Excise Department's servers.
2. How We Use Your Information
Information collected is used solely for the following purposes:
- To authenticate your identity via the Excise Department's SSO system
- To allow you to view, verify, and submit oil-related tax documents (e.g., น.ม.1 forms)
- To send real-time notifications relevant to your assigned tasks
- To support government regulatory compliance and auditing functions
Your data is never used for commercial purposes, advertising, or profiling.
3. Single Sign-On (SSO)
The OCM application authenticates users through the Excise Department's centralized Single Sign-On (SSO) system. When you log in, your credentials are verified by the Excise Department's identity management infrastructure. The application does not maintain its own user account database.
The SSO system operates under the Excise Department's security policy and is subject to its own data protection protocols.
4. Biometric Authentication
The application offers an optional fingerprint login feature for convenience. When enabled:
- Biometric verification is handled entirely by your Android device's secure hardware and operating system
- The application receives only a pass/fail authentication result — no fingerprint image or biometric template is ever accessed by the app
- You may disable this feature at any time in the app's Settings
5. Sharing of Information with Third Parties
The OCM application does not share, sell, or transfer any user data to third parties for commercial purposes. Data is transmitted only to:
- The Excise Department's secure servers as required for regulatory functions
The application does not integrate with any advertising SDKs, analytics platforms, or external social media services.
6. Data Security
All data transmitted between the application and the Excise Department's servers is encrypted using industry-standard protocols. The application complies with the Thai government's cybersecurity standards for public-sector digital services.
Access to the application is restricted to authorized personnel only, as defined by the Excise Department's user management system.
7. Data Retention
Transaction data submitted through the application is retained by the Excise Department in accordance with applicable laws and government record-keeping requirements. The application itself does not store personal data locally beyond what is needed for your active session.
8. Your Rights (PDPA)
In accordance with Thailand's Personal Data Protection Act B.E. 2562 (PDPA), you have the right to:
- Access and review personal data held about you
- Request correction of inaccurate data
- Withdraw consent where processing is based on consent
To exercise these rights, please contact us using the details below.
9. Changes to This Policy
If there are any changes to this Privacy Policy, users will be notified through an application update. This policy is effective as of June 23, 2025.
10. Contact Us
If you have any questions about this Privacy Policy, please contact us at:
The Excise Department
Email: artit.supar@gmail.com