Jaspal Public Company Limited (“Company”) recognises the importance of protecting the personal data that you have provided or may provide to the Company. Therefore, the Company has issued this Privacy Notice to inform and help you understand the details concerning the collection, use, and disclosure (collectively referred to as “Processing”) of your personal data in accordance with the Personal Data Protection Act B.E. 2562 (2019), including your legal rights as the data subject. The details are as follows:
This Privacy Notice applies to the personal data that the Company has received or collected from you in connection with your provision of personal data for the purpose of entering into an employment agreement with the Company upon your selection for employment, receiving benefits, compensation, and entitlements from your employment, training and skill development for work, performance evaluation, workplace security, and/or any other activities related to human resource management as necessary. Therefore, the Company recommends that you read this Privacy Notice to be informed of and understand the methods, guidelines, and purposes by which the Company processes your personal data, as well as to be aware of your personal data rights and the Company’s contact channels.
“Employee” means an employee or worker under an employment agreement or any other individual who is engaged to work with the Company by way of appointment, or assignment to a position and/or duties as designated. This also includes former employees and retired employees.
“Personal Data” means any information relating to a person which can be used to identify such person, whether directly or indirectly, excluding data of deceased persons. Types of personal data include:
– General Personal Data: Such as title, name, surname, age, gender, nationality, date of birth, nickname, address, phone number, national ID number, passport number, social security number, taxpayer ID number, driver’s license number, bank account number, email address, vehicle registration number, etc.
– Sensitive Personal Data: Includes personal data related to race, ethnicity, political opinions, doctrines, religious or philosophical beliefs, sexual behaviour, criminal records, health information, disability, labour union information, genetic data, biometric data, or any other information that similarly affects the data subjects as specified by the Personal Data Protection Committee, of which the Company will proceed with special care. The Company will collect, use, and/or disclose Sensitive Personal Data only with your explicit consent or when the Company is legally required to do so.
However, the following information is not considered personal data: business contact information that does not identify a person such as company name, company address, company registration number, office phone number, work email address, email address of a company’s group such as info@company.co.th, anonymous data, or pseudonymous data which has been anonymised such that it cannot be used to identify a person by technical means, and data of deceased persons.
“Data Subject” means an individual who owns the personal data, in this case, “you” as the Employee.
The Company may collect your personal data as necessary for the purposes of collection, use, or disclosure as specified in Article 5. And in order to inform you and help you understand the details in regard to your personal data that the Company collects, the Company hereby informs you of the details as follows:
Types of Personal Data |
Details of Personal Data |
|---|---|
|
Basic Personal Data |
Title, rank, name, surname, age, gender, date of birth, nationality, photograph, marital status, number of children, signature, national ID number, passport number, visa, driver’s license number, social security number, taxpayer ID, work permit, certificate of name/surname change, military service record, ordination record, vehicle registration number, colour and model of vehicle |
| Contact Information |
Address as specified on national ID card or house registration certificate, address, telephone number, email address |
| Education and Employment Data |
Educational record, employment record, educational qualification documents, copies of academic transcripts, copies of degrees, learning history, skills and abilities, various licenses related to education and employment, salary certification from previous employers (if any) |
| Engagement Data |
Employee ID, job position, position level, department/division/affiliation, date of employment/promotion/permanent appointment as an employee, wages and compensation, benefits, severance pay, deduction information (e.g., income tax deductions, provident fund deductions, social security deductions), other compensation (if any), attendance record, overtime work, absence or leave records, training records, internship records, performance evaluation, appointments, transfers, position changes, disciplinary warning history, disciplinary action history, performance evaluation scores, salary increase information, bonus payment information, promotion information |
| Financial Data | Bank account number |
| Other Data | Personal Records (Resume/Curriculum Vitae (CV)), information from tests or interviews, information recorded by closed-circuit television (CCTV), still images and videos in relation to participation in various activities of the Company |
| Sensitive Personal Data | Criminal records, health information such as medical history, accident history, health check-ups, and medical treatments, disability information, biometric data such as fingerprints, facial recognition systems, and facial image data |
| Third-Party Data | Father’s and/or mother’s name and surname, father’s and/or mother’s age, references working with the Company, references (outside the Company), emergency contact persons, beneficiaries of various benefits, including the collection of personal data such as name, surname, relationship, phone number, and other information as necessary |
If you have provided a copy of your national ID card to the Company, please be informed that the Company does not intend to collect and use information related to religions and blood types (if any) appearing on your national ID card. Therefore, we request that you conceal such information (if any), and in the event that you do not conceal such information as informed by the Company, you will be deemed to have given consent and permitted the Company to conceal such information on your behalf, and any documents with such concealed information will be considered legally valid and enforceable in every aspect.
Furthermore, in the event that you have provided the personal data of third parties (e.g., father’s and/or mother’s name and surname, father’s and/or mother’s age, references working with the Company, references (outside the Company), emergency contact person, beneficiaries of various benefits) to the Company, the Company kindly requests that you inform such third parties of this Privacy Notice and that consent may be requested from such third parties as necessary unless another legal basis under the law permits otherwise.
Regardless, the collection, use or disclosure of your personal data requires consent from the Data Subject. The Company will explicitly request your consent in writing or by electronic means prior to, or during the collection of personal data. You have the right to refuse to provide your consent for the processing of your personal data, If you choose not to give consent or withdraw your consent, it may affect the employment contract with the Company upon your selection for employment, the receipt of benefits, compensation, and entitlements from your employment, training and skill development for work, performance evaluation, workplace security, and/or any other activities related to human resource management as necessary which require complete and correct personal data.
Furthermore, the personal data you provide to the Company must be correct, complete, truthful, and not misleading. You are required to keep your personal data up to date by informing the Company of any changes or updates through the contact channels of the Company as specified in Article 12 of this Privacy Notice.
4.1 Personal Data Provided Directly by You:
From the completion of job application forms, the execution of the employment agreements, and the attached documents related to the employment agreements, as well as any updates and changes to your data Additionally, the Company may receive your personal data from any other activities related to employment or various processes during the time you are employed by the Company.
4.2 Personal Data Received from Other Sources
The Company may obtain your personal data from other sources, such as information from referees, information from other background checks conducted.
4.3 Personal Data of Third Parties Such As
The Company may receive personal data of third parties related to you, which you provide to the Company, such as your father and/or mother, referees working with the Company, referees (outside the Company), emergency contact persons, or beneficiaries of various benefits.
The Company will collect, use, and disclose your personal data with the purposes based on the legal basis for data processing as follows:
5.1 Contractual Basis: For the performance of an agreement to which you are a party.
5.2 Legal Obligation: To perform duties as required by law, such as tax law, provident fund law, labour protection law, labour relations law, social security law, compensation law, the law on skill development training, and the law on the employment of foreign workers.
5.3 Legitimate Interest: For the legitimate interests of the Company, within reasonable expectations, which do not violate your fundamental rights or freedoms.
5.4 Consent: The Company will seek your consent in cases where the law requires consent or where the Company has no basis to process such personal data which has been collected from you.
The purposes of the collection, use, or disclosure of your personal data are as follows:
| Purpose of Processing | Details | Legal Basis |
|---|---|---|
|
1. To carry out the processes and procedures involved in drafting the employment agreement between you and the Company. |
After you have been selected for employment with the Company, the Company will draft an employment agreement to agree upon and confirm your employment. This may also include other contracts or agreements related to your employment, such as a confidentiality agreement, among others. |
- Contractual Basis - Legitimate Interest - Consent |
| 2. For the creation of an employee data registry. |
To collect your personal data and related documents provided to the Company and compile the foregoing into an employee file and in electronic format (employee data management system) for the purposes of probationary evaluation, performance evaluation, management of working days and hours, administration and management of holidays or leave days, issuance of work certificates, salary payments, compensation payments, disbursement of other benefits that the Company is required to provide to you, or for any other activities related to human resource management as necessary. |
- Contractual Basis - Legitimate Interest - Consent |
| 3. For the administration of your compensation, benefits, and entitlements. |
1. Compensation: To process salary payments, compensation payments, or the disbursement of other benefits that the Company is required to provide to you. 2. Benefits: To administer and provide various benefits and entitlements to you, such as group health insurance, reimbursement of medical expenses and/or other related costs from the group health insurance benefits, provident fund benefits, annual health check-ups, and gifts on special occasions such as weddings, company anniversaries, ordinations, childbirth, or funerals. 3. Entitlements: To use your personal data for booking accommodations, booking travel tickets, providing allowances, arranging travel insurance, obtaining visas, and providing other travel-related funds for training, meetings, or off-site work, as well as offering discounts on Company products and awarding long service awards. |
- Contractual Basis - Legitimate Interest - Consent |
| 4. For compliance with applicable laws. |
1. To comply with various laws, such as submitting employee documents and information to the Revenue Department, withholding and paying taxes, submitting employee documents and information to the Social Security Office, withholding social security contributions, submitting your documents and information to the Social Security Office for referral in case of injury or illness related to work, submitting your information to the Legal Execution Department following the registration of garnishment payments and electronic document submission to the Legal Execution Department, submitting your information to the Student Loan Fund (SLF), submitting your training information to the Department of Skill Development, and conducting health checks for the purpose of applying for licenses related to the Company’s operations. This also includes any other actions required to comply with legal obligations. 2. To comply with laws, orders from authorities, independent organisations, or officers with legal duties and authority, such as complying with subpoenas, garnishment orders, court orders, police officers, public prosecutors, government authorities, and reporting or disclosing information to government authorities or independent organisations. |
- Legal Obligation |
| 5. For the establishment of legal claims | For the establishment of legal claims, the compliance with or exercise of legal claims, or the defence against legal claims, as well as for providing evidence in legal proceedings, conducting litigation, and taking any other actions to enforce legal judgments. |
- Legitimate Interest - Legal Obligation |
| 6. For the purpose of identity verification and authentication. |
1. To use your personal data to create an employee identification card for the purposes of identification and authentication when accessing Company premises, using Company office equipment, and participating in Company training sessions or activities. 2. To use personal data, such as fingerprints, facial recognition systems, and facial image data, to verify and authenticate your identity for clocking in and out of work. |
- Contractual Basis - Legitimate Interest - Consent |
| 7. For the management of health and safety before the commencement of work. | To conduct background checks on criminal records and/or the health of new employees (for certain positions) before the commencement of work, to be used as information for assessing qualifications or suitability for performing duties under the employment agreement, and to support the application for licenses required for the Company's operations. |
- Legal Obligation - Legitimate Interest - Consent |
| 8. For the administration of employee training and skill development for the Company. |
1. To assist in the selection of candidates for training and to compile a list of participants for each training course organised by the Company (In-House Training) or for courses you wish to attend that are conducted by external parties (Public-House Training). To facilitate your participation, the Company may disclose your personal data, as necessary, to external parties to arrange related facilities for the training. 2. To test knowledge and understanding, conduct opinion surveys or questionnaires, and evaluate the results of tests and surveys. |
- Contractual Basis - Legitimate Interest |
| 9. For the organisation and management of various activities for employees, both within and outside the Company. |
For organising or participating in various activities, both within and outside the Company, which may involve the use of personal data such as your name, surname, and still images or videos of you participating in activities, for the purpose of dissemination and promotion through the Company's website or other online media according to the purposes of each activity. |
- Legitimate Interest |
| 10. For audit, oversight, and risk management purposes. | For risk management, prevention and investigation, and internal management within the Company, such as fraud investigation, employee disciplinary actions, or any other illegal acts, including the investigation and management of complaints and allegations related to the Company's operations or those involved, ensuring transparency and fairness for all parties. | - Legitimate Interest |
| 11. For the management of information technology usage. | To use as information for applying for access to electronic systems or enabling access rights to or the use of the Company's internet or various electronic systems, such as creating a username and password to access computers and various technological tools within the Company and accessing approval processes in accordance with the Delegation of Authority (DOA) table. | - Legitimate Interest |
|
12. For the performance of engagement agreements with clients, partners, or other persons. |
To disclose information to clients, partners, or other persons in connection with the rights and duties of work performed under the engagement agreements. | - Contractual Basis |
| 13. For ensuring security within the buildings or premises of the company. | For security purposes within Company premises, including exchanging access cards containing your personal data and recording images on the Company’s premises through CCTV. | - Legitimate Interest |
| 14. For internal communication. | For internal communication in case of necessity or emergency. | - Legitimate Interest |
| 15. For the management of occupational health and safety. | For the management of occupational health and safety, such as basic firefighting training, annual fire evacuation drills, first aid training, occupational health and safety training for new employees, and training on occupational and environmental diseases. |
- Legitimate Obligation - Legitimate Interest |
| 16. For the management of data for employees who have resigned/ former employees/ retired employees. |
1. To manage the continuity of the Company's business, to understand and document decision-making in your role while working with the Company, and to retain knowledge within the Company after you cease to be an employee of the Company. 2. When you submit your resignation from the Company, you will be asked to complete a questionnaire to provide reasons for your resignation, which the Company needs to analyse in order to improve its human resource management. 3. To disclose your employment information to your future employer in the event that you list the Company as a reference for your current employer. |
- Contractual Basis - Legitimate Interest - Consent |
The Company may disclose your personal data to internal and external parties as necessary to fulfil the purposes specified in this Privacy Notice. The Company may send your personal data to the following parties:
6.1 Internal Parties
Your personal data may be disclosed or sent to various departments within the Company, but only to those that are relevant and have a role or responsibility, and only to the extent necessary for the stated purposes, as follows:
6.2 External Parties
Your personal data may be disclosed or sent to the following organisations or third parties:
For external parties to whom the Company may disclose your personal data, appropriate measures are in place to ensure that your personal data is protected and secure. These measures include agreements that stipulate that external parties may use your personal data only as specified in the contract, as well as the requirement for a Non-Disclosure Agreement to maintain the confidentiality of your personal data provided for business purposes.
In cases where it is necessary to transmit or transfer your personal data abroad, the Company will comply with the Personal Data Protection law and take appropriate measures to ensure the protection of your personal data and allow you to exercise your rights relevant to your personal data as stipulated by law. The Company will also require the recipient of your personal data to implement adequate safeguards and process your personal data only as necessary.
The Company will retain your personal data only for as long as necessary for the purposes stated in this Privacy Notice unless the law requires a longer retention period. The Company will retain your personal data for a period not exceeding 10 years from the date of termination of your employment with the Company, for the purpose of verification in case of disputes within the statute of limitations as prescribed by law.
In the event that the period of retention has elapsed or the retention of your personal data becomes unnecessary, the Company will delete, destroy, or anonymise such personal data.
In the event that the Company collects, uses, or discloses your personal data for the purposes specified in this Privacy Notice, you have the following rights under the Personal Data Protection Act B.E. 2562 (2019):
9.1 Right to Withdraw Consent
If you have given consent to the Company for the collection, use, and/or disclosure of your personal data (whether such consent was given before or after the enforcement of the Personal Data Protection Law), you have the right to withdraw your consent at any time while your personal data is with the Company, unless there are legal restrictions or contractual obligations that benefit you.
The withdrawal of your consent may affect job consideration, various benefits that you may receive from the Company, or the ability to receive beneficial information. Therefore, it is beneficial for you to study and inquire about the potential impacts before withdrawing your consent.
9.2 Right to Access
You have the right to access your personal data and request a copy of your personal data that is under the Company’s responsibility. You may also request that the Company disclose the source of your personal data that is in the possession of the Company.
The Company may refuse your request to access and obtain a copy of your personal data if doing so would adversely affect the rights and freedom of other individuals, or if the Company is required by law or a court order to withhold such personal data.
9.3 Data Portability Right
You have the right to obtain your personal data in the event that the Company has prepared such personal data in a readable or usable format by automated tools or devices and where such personal data can be used or disclosed in an automatic manner. You also have the right to request the Company to send or transfer the personal data in the foregoing formats to another data controller where such process can be done by automated means, and you also have the right to request the personal data which the Company sends or transfers in the foregoing formats to another data controller directly unless otherwise technically unfeasible.
However, the foregoing personal data must be the data you provided consent for the Company to collect, use, and/or disclose, or the personal data that the Company is required to collect, use, and/or disclose to provide you with services of the Company as per your agreement with the Company, or other personal data as specified by the legally authorised entity.
9.4 Right to Object
You have the right to object to the collection, use, and/or disclosure of your personal data at any time if the collection, use, and/or disclosure of your personal data is carried out for operations necessary for the legitimate interests of the Company or of another person or juristic persons, within reasonable expectations, or for the performance of a task carried out in the public interest. If you object, the Company will still continue to collect, use, and/or disclose your personal data only where the Company can demonstrate legal grounds that outweigh your fundamental rights, or for the establishment of legal rights, legal compliance, or defence of legal claims in litigations as applicable.
9.5 Right to Erasure
You have the right to request the deletion or destruction of your personal data, or to have your personal data anonymised if you believe that your personal data has been unlawfully collected, used, and/or disclosed, or if you find that it is no longer necessary for the Company to retain your personal data for the purposes stated in this Privacy Notice, or when you have exercised your right to withdraw consent or object as stated above, unless in the cases where the Company must retain the data for legal compliance or to exercise its legal rights in relation to the retention of such personal data.
9.6 Right to Restrict Processing
You have the right to request the temporary suspension of the use of your personal data in cases where the Company is verifying your request for correction of personal data or objection, or in any other case where the Company no longer needs to retain and must delete or destroy your personal data in accordance with applicable laws, but you request the Company to suspend its use instead.
9.7 Right to Rectification
You have the right to request that the Company correct your personal data to be correct, up-to-date, complete, and not misleading.
9.8 Right to Lodge a Complaint
You have the right to file a complaint with the relevant legal authorities if you believe that the collection, use, and/or disclosure of your personal data has been conducted in a manner that violates or does not comply with the applicable laws.
If you have any concerns or questions about the Company’s practices regarding your personal data, please contact the Company using the contact details provided in Article 12 of this Privacy Notice. In the event that there is reasonable evidence to believe that the Company has violated the Personal Data Protection Law, you have the right to file a complaint with the Expert Committee appointed by the Personal Data Protection Committee in accordance with the regulations and procedures specified by the Personal Data Protection Law.
If you wish to exercise the rights stipulated above, you must contact the Company using the contact details provided in Article 12 of this Privacy Notice by submitting a written request. The Company will make its best endeavour to consider and respond to your request without delay, or within the time frame specified by law. However, any request to exercise these rights may be limited subject to the relevant laws, and in some cases, the Company may refuse or is unable to proceed as requested as appropriate and on lawful grounds such as where the law grants the right to deny such requests.
The Company has implemented appropriate security standards to prevent the loss, unauthorised access, use, alteration, or disclosure of personal data without authorisation or improperly. and the Company will review these measures as necessary, or when technology changes, to ensure the effectiveness of the security measures as appropriate.
The Company reserves the right to amend this Privacy Notice as necessary and appropriate. Any changes will be announced and displayed on the Company’s website or by other appropriate means.
If you have any questions related to this Privacy Notice, or if you wish to exercise your rights as outlined in Article 9, or if you have any complaints, you can contact the Company at:
Data Controller
Jaspal Public Company Limited – Data Protection Officer (DPO)
Contact Address: 1054 Sukhumvit 66/1, Phrakhanong Tai Sub-district, Phrakhanong District, Bangkok 10260
Phone Number: 02 856 2000
Email: dpo@jaspal.co.th
Or
Human Resource Department, Jaspal Public Company Limited
Email: hrpdpa@jaspal.co.th
You hereby acknowledge and agree that this Privacy Notice is governed by and construed in accordance with the laws of Thailand, and that the courts of Thailand have jurisdiction over any disputes that may arise.
Effective Date: 6 September 2024
