Shibaura Machine (Thailand) Co., Ltd. (the “Company”) gives importance to the protection of personal data and the Company is well aware of its duties under Thailand’s Personal Data Protection Act B.E. 2562 (as may be amended or supplemented from time to time) including its implementing and/or supplemental rules, regulations, notifications, and announcements issued thereunder (collectively, the “Data Protection Law”). Therefore, the Company has prepared this Privacy Policy and Notice on the Processing of Personal Data (the “Policy”) and hereby notifies the Company’s collection, use, and disclosure of personal data as well as data subject’s rights as detailed below, to the data subjects, namely, the Company’s customers, business partners, suppliers, service providers, contractual counterparties, shareholders, persons visiting/contacting the Company, other relevant persons, who may be individuals, and directors, staffs, employees and personnel of such organizations, who are the data subjects.
1. Definitions
Personal Data | : | Any information relating to an individual which enables the identification of such individual, whether directly or indirectly, but not including the information of the deceased person in particular. |
Data subject(s) | : | Any individual person who can be identified, directly or indirectly, by Personal Data. |
Company’s customers, business partners, suppliers, service providers, contractual counterparties, shareholders, persons visiting/contacting the Company, and other relevant persons | : | Any individuals who are the Company’s existing or potential customers, business partners, suppliers, service providers, contractual counterparties, shareholders, persons visiting/contacting the Company, and/or other individuals relevant to the Company, or any relevant directors, staffs, employees, and/or personnel, who are individuals, of companies/organizations/legal entities which are the Company’s existing or potential customers, business partners, suppliers, service providers, contractual counterparties, shareholders, persons visiting/contacting the Company, and/or other persons relevant to the Company. |
2. Types of Personal Data collected by the Company
In the Company’s business operation, the Company must contact, coordinate, and proceed various actions with the Company’s customers, business partners, suppliers, service providers, contractual counterparties, shareholders, persons visiting/contacting the Company, and other relevant persons. Therefore, the Company may collect the following Personal Data concerning such persons, including:
3. Sources of Personal Data
3.1 The Company may collect Personal Data directly from the data subjects, from the organizations of the data subjects or other personnel of such organizations, or the information that are already accessible by the public.
3.2 The Company receives Personal Data from the sources set out above both in written and verbal forms, through phone calls or emails or posts, as verbal information or documents, through photos, video recordings or footage/records of CCTV, or by the Company’s searches from the internet or other public sources.
4. Collection, use and disclosure of Personal Data, purposes, and the lawful basis there of
4.1 The Company will duly collect, use and/or disclose Personal Data on a limited basis pursuant to the purposes and the lawful basis set out below, and the procedures pursuant to the Data Protection Law.
4.2 The Company collects Personal Data to use and/or disclose for the following purposes:
(1) To verify the identity and address of the Company’s customers, business partners, suppliers, service providers, contractual counterparties, shareholders, persons visiting/contacting the Company, and other relevant persons;
(2) To contact, coordinate, negotiate, enter into, and prepare contract/agreement/evidence of the sale of goods and/or services and/or other transaction contract/agreement, including the performance of contract/agreement, the after sales service, and to make claims or complaints in the event of non-performance of contract/agreement;
(3) To comply with applicable laws (e.g., preparing meeting invitation notices, convening shareholders’ meetings, preparing the minutes of shareholders’ meetings, preparing the shareholder register book, and submitting the list of shareholders to the Registrar in accordance with the Civil and Commercial Code, and issuing tax invoices, collecting evidence and preparing other documents in accordance with taxation laws, etc.);
(4) To communicate or conduct marketing activities, including (without limitation to) publicizing information to promote products, discounts, and promotional programs of the Company, the Company’s parent company, and/or the Company’s affiliated company, etc;
(5) To create statistical data for market trends research study and to develop and enhance goods and services of the Company, the Company’s parent company and/or affiliated company(ies);
(6) To keep records of persons entering/leaving the Company’s workplace, and for the purpose of maintaining the safety and security of Personnel, other persons, and properties of the Company, and preventing potential crimes;
(7) For business network database of the Company, the Company’s parent company and affiliated company(ies);
(8) For business operations and other actions of the Company, the Company’s parent company and/or affiliated company(ies), including (without limitation to) provisions of suggestion, assistance, cooperation, and/or coordination to the Company’s customers, business partners, suppliers, service providers, contractual counterparties, and other relevant persons;
(9) For the Company’s accounting and audit; and
(10) For litigation and/or arbitration proceedings, including for defending in court or in arbitration (if any/necessary).
4.3. The Company relies on the following lawful basis under the Data Protection Law to collect, use and/or disclose Personal Data:
(1) The processing is necessary for the performance of a contract/agreement between the Company and the Company’s customers, business partners, suppliers, service providers, contractual counterparties or other persons, or in order to take steps at the request of such person prior to entering into such contract/agreement;
(2) The processing is for compliance with the legal obligations to which the Company is subject;
(3) The processing is in order to prevent or suppress danger to a person’s life, body, or heal;
(4) The processing is for research or statistics; and
(5) The processing is necessary for the purposes of the legitimate interests of the Company, the Company’s parent company, affiliated company(ies), or other persons, except where such interests are overridden by the fundamental rights and freedoms of the data subjects.
4.4 In addition, it is necessary for the Company to obtain certain Personal Data (e.g., name-surname of the contractual counterparty or the name-surname of the authorized director(s) or attorney(ies) of the contractual counterparty organization, etc.) in order to enter into relevant contract(s)/agreement(s) with the relevant party(ies). Otherwise, the Company may be unable to enter into such contract(s)/agreement(s).
5. Retention of Personal Data
5.1 Retention of Personal Data
The Company retains Personal Data in both hard copy form and electronic/soft copy form. Hard copies will be kept in locked cabinets at the relevant departments. Electronic/soft copies will be stored in the Company’s internal computer system and internal server, both with password requirement for access. The Company also uses intranet provided by CS Loxinfo Public Company Limited (CS Loxinfo) and Softbank Thailand.
Persons who have access to Personal Data
The Company may internally share certain Personal Data within the Company’s relevant departments on a need-to know basis and on a case-by-case basis for purposes/reasons related to the Company’s business operations, and the Company may disclose Personal Data to third parties as specified in paragraph 6 below.
5.2 Retention periods for Personal Data
5.2.1. The Company will retain Personal Data and documents containing such data for the following periods:
No. | Type of Data / Document | Retention Period |
|---|---|---|
1. | Personal Data concerning shareholders | Forever. |
| 2. | Personal Data concerning customers,contract/ agreement/evidence of sale and purchase of goods/ services, and contract/agreement/ evidence of other transactions between the Company and its customers, and purchase and complaint history | Forever. |
3. | Contract/agreement/evidence of other transactions between the Company and its business partners, suppliers, service providers, contractual counterparties, and/or other relevant persons | Throughout the term of the relevant contract/agreement and another 3 years thereafter. |
4. | Face records and CCTV footage/records of the Company | 6 months from the date on which it is recorded. |
5. | Account and documents supporting accounting | 5 years from account closing date (or until delivery of account and document to the Chief Accounting Inspector in case the Company ceases its business operation without liquidation). |
6. | Documents submitted to the Revenue Department (e.g., information on withholding tax which may contain ID numbers and names of relevant persons, etc.) and documents submitted to other government agencies and officials | 5 years from submission date. |
7. | Other Personal Data concerning the Company’s customers, business partners, suppliers, service providers, contractual counterparties, and other relevant persons, and other documents containing such data | For so long as the data subject continues to have a relationship with the Company and another 3 years thereafter. |
5.2.2. Notwithstanding paragraph 5.2.1 above, if any law with which the Company must comply requires the Company to retain any Personal Data or any document containing such data for a longer period than the relevant period set out in paragraph 5.2.1 above, the Company will retain such Personal Data or document for the period required by law.
5.2.3. If the Company considers that certain Personal Data and/or documents containing such data may be necessary or important for the Company’s establishment of a right of claim under the law, compliance with, or exercise of a right of claim under, the law, or raising of a defense under the law, or may help the Company in any potential dispute, claim and/or litigation in any form, the Company may retain such data and/or documents for a longer period than the relevant period set out in paragraph 5.2.1 or paragraph 5.2.2.
5.2.4. The Company will ensure to erase or destroy or anonymize the Personal Data upon the end of the relevant retention period set out above, or erase or destroy or anonymize the Personal Data that are irrelevant or unnecessary as per the purpose of collection of such Personal Data, or as requested by the data subject who is entitled to such request, or for which the data subject has withdrawn his/her consent (only in case the collection of relevant Personal Data requires consent).
6. Transfer and/or disclosure of Personal Data
6.1 The Company may disclose Personal Data to the following persons and agencies for the following reasons:
(1) Government agencies and officials such as Department of Business Development, Ministry of Commerce, Revenue Department, Royal Thai Police, or other competent government agencies/officials, in order for the Company to comply with applicable laws, lawful orders of government agencies or court’s orders to which the Company is subject, as well as for examination or investigations of suspicious persons and events.
(2) Business partners The Company has business partners to whom the Company necessarily provides advice, assistance, cooperation, and/or coordination, and/or enter into contract/agreement with, in the Company’s business operation. Therefore, the Company may have to disclose certain Personal Data to its business partners.
(3) Customers In the Company’s business operation, the Company has customers to whom the Company provides advice, assistance, cooperation, coordination, sale of products, and provide services to, and/or enter into contract/agreement with. Therefore, the Company may have to disclose certain Personal Data to its customers.
(4) Professional advisor(s) and/or service provider(s) The Company engages professional advisor(s) and/or service provider(s) e.g., legal advisor, financial advisor, external messengers, etc. Therefore, the Company may have to disclose certain Personal Data to such persons, to the extent necessary for such persons to perform their duties as per the agreements that they have with the Company.
(5) Auditor As the Company has an independent auditor who audits the Company’s account, the Company must disclose certain Personal Data to the auditor for such purpose.
(6) IT Service Providers The Company outsource IT services from IT company or software service provider. Therefore, such company/service provider may have access to Personal Data stored on the Company’s server and computer.
(7) Other person(s) for compliance with the laws and as permitted by the Data Protection Law.
6.2. In addition, for the purpose of marketing, studying and researching the market trends, and developing and enhancing products and services of the Company, the Company’s parent company and/or affiliated company(ies), the Company may disclose or transfer certain Personal Data concerning its customers (e.g., names-surnames, email address, address, phone number, business cards, sale and purchase contract/agreement, purchase history, complaint history, etc.) to the Company’s parent company being Shibaura Machine Co., Ltd. which is incorporated under the law of Japan and located in Japan.
6.3. The disclosure mentioned above will be made on a limited basis and the Company will disclose only the Personal Data that are necessary to achieve the lawful purpose of the disclosure, and the Company will ensure that the persons to which the Personal Data are disclosed by the Company will comply with the Data Protection Law.
6.4. In the event that the Company must obtain consent from the data subject pursuant to the Data Protection Law for disclosing any Personal Data to any person(s) set out above, the Company will request for such consent and must duly obtain such consent from the data subject before disclosure.
7. Marketing activities/communicationsa
7.1. The Company, and/or the Company’s parent company, and relevant affiliated company(ies) may communicate to customers being companies/organizations/juristic persons (through their directors, staffs, employees, and/or personnel) for marketing purposes, including (without limitation to) for publicizing information to promote goods/services, discounts, and promotional programs of the Company, the Company’s parent company, and/or the Company’s affiliated company, etc.
8. Security measures with respect to Personal Data
The Company will implement appropriate measures to secure Personal Data to prevent unauthorized or undue loss, access, use, change, amendment, or disclosure of Personal Data by using technologies and other methods including the followings:
(1) The Company will store Personal Data securely and will classify the types of Personal Data and clearly define who has the right to access each type of data.
(2) The Company will set up a system to check and erase, destroy, or anonymize Personal Data as specified in paragraph 5.2.4 above by appropriate means.
(3) The Company will ensure that the Company’s personnel must enter their individual username and/or password before accessing and using the Company’s computer system and that such usernames and passwords are kept strictly confidential.
(4) The Company will take steps to prevent other persons to whom the Company disclose Personal Data from using or disclosing such data without authorization or wrongly.
(5) The Company will notify any data breach incident with respect to Personal Data to the Office of the Personal Data Protection Committee without delay within the period specified by the Data Protection Law. If such data breach poses a high risk of affecting the rights and freedoms of an individual, the Company will promptly notify the relevant data subject of the incident with a plan to remedy the damage resulting therefrom without delay.
9. Data Subject’s Rights
A data subject is entitled to the rights in relation to the Personal Data concerning him/her as prescribed in the Personal Data Protection Law as follows:
(1) Right to Withdraw Consent In case the Company relies only on a data subject’s consent as its lawful basis to collect, use and/or disclose Personal Data, the data subject may, at any time, withdraw his/her consent. The Company will notify such data subject withdrawing his/her consent of the effects that may occur as a result of his/her consent withdrawal at the time of withdrawal.
(2) Right of Access A data subject has the right to access and request a copy of Personal Data concerning him/her which are under the responsibility of the Company or request the Company to disclose its acquisition of such Personal Data for which he/she did not give consent.
(3) Right to Data Portability A data subject has the right to receive Personal Data concerning him/her from the Company in case the Company has made such Personal Data in the format that is commonly used and readable by automatic machine and can be used and disclosed by automatic means. A data subject also has the right to request the Company to send or transfer the Personal Data in such format to other data controller(s) if it can be done by automatic means and/or request to obtain the Personal Data in such format that the Company sends or transfers to other data controller(s) directly unless it is technically unfeasible.
(4) Right to Object A data subject has the right to, at any time, object to the collection, the use or the disclosure of Personal Data concerning him/her under certain circumstances prescribed under the Data Protection Law.
(5) Right to Erasure A data subject has the right to request the Company to erase or destroy or anonymize Personal Data concerning him/her under certain circumstances prescribed under the Data Protection Law.
(6) Right to Restriction of Processing A data subject has the right to request the Company for restriction of its use of Personal Data concerning him/her under certain circumstances prescribed under the Data Protection Law.
(7) Right to Rectification A data subject has the right to request the Company to rectify inaccurate Personal Data concerning him/her and ensure that the Personal Data concerning him/her is correct, up-to-date, complete, and not misleading.
(8) Right to Lodge Complaint A data subject has the right to lodge a complaint with the competent authority or committee under the Data Protection Law in the event that the Company including its employee(s) or contractor(s) violate or fail to comply with the Data Protection Law.
The data subject can contact the Company’s HR Department in order to exercise any right under subparagraphs (1) – (7) above as per the details set out in paragraph 11 below.
10. Modification of Policy
The Company may review and revise this Policy on a regular basis as to ensure its consistency with the relevant guidelines and the Data Protection Law. The Company will notify the data subjects of such changes to this Policy by publicizing the updated Policy on the Company’s website as soon as possible.
11. Information about the Company and contact details
If a data subject has any question or suggestion in relation to the Company’s protection of Personal Data or wishes to exercise a right as data subject, please contact the Company’s HR Department as per the following contact details:
Company’s Name: | Shibaura Machine (Thailand) Co., Ltd. |
Address: | 127/28 Panjathani Tower 23rd Floor, Nonsi Road, |
Contact Channels: | Tel.: 02-681-0158-61 |
This Policy is last updated in January 2023.
Shibaura Machine (Thailand) Co., Ltd. (the “Company”) gives importance to the protection of personal data concerning its Personnel and the Company is well aware of its duties under Thailand’s Personal Data Protection Act B.E. 2562 (as may be amended or supplemented from time to time) including its implementing and/or supplemental rules, regulations, notifications and announcements issued thereunder (collectively, the “Data Protection Law”). Therefore, the Company has prepared this Privacy Policy and Notice on the Processing of Personal Data Concerning Personnel (the “Policy”) and hereby notifies all of its Personnel of the Company’s collection, use, and disclosure of personal data concerning its Personnel as well as their rights as data subjects as follows:
1. Definitions
“Personal Data” | : | Any information relating to an individual which enables the identification of such individual, whether directly or indirectly, but not including the information of the deceased person in particular. |
“Sensitive Personal Data” | : | Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual behaviors, criminal records, health data, disability, labor union data, genetic data, biometric data, or any other data which affects the data subject in the similar way as announced by the Personal Data Protection Committee pursuant to the Data Protection Law. |
“Data subject(s)” | : | Any individual person who can be identified, directly or indirectly, by Personal Data. (Under this Policy, data subjects are the Company’s Personnel and other persons specified in paragraph 2.2 of this Policy.) |
“Personnel” | : | All types of employees and personnel of the Company including (without limitation to) directors, executives, interns, probationary employees, whether former and/or current ones as required by the relevant context in this Policy. |
2. Types of Personal Data concerning Personnel collected by the Company
2.1. The Company collects the following Personal Data concerning Personnel and documents containing Personal Data concerning Personnel as follows:
Types of Personal Data concerning Personnel/Documents containing such data | |
(1) General Personal Data | Such as the following data of Personnel:
|
(2) Sensitive Personal Data |
|
(3) Personal Data concerning Personnel arising from or in connection with his/her employment/service/ position | Such as the following data:
|
2.2. If necessary, the Company may collect Personal Data concerning other persons who are not the Personnel as set out below (in which case, the relevant Personnel must, to the extent practicable, obtain their consent to provide their Personal Data to the Company or notify them that the Personal Data concerning them will be provided to the Company and the purposes thereof, as the case may be):
3. Sources of Personal Data
3.1 The Company may collect Personal Data concerning Personnel from the following sources:
(1) From the Personnel directly such as name-surname, address, phone number, email address, copy of ID card/passport, etc. as provided to the Company by the Personnel.
(2) The Company creates or collects Personal Data concerning Personnel during the employment period/term of office such as employment contract, fingerprint, leave record, performance evaluation result, position change or salary/remuneration adjustment, etc.
(3) The Company may collect Personal Data concerning Personnel by automated means, such as the Company’s computers have an automatic system to automatically detect suspicious usage (for more information on this, please see paragraph 7 below), and the Company’s vehicles are equipped with a GPS tracking system, etc.
(4) The Company collects Personal Data concerning Personnel from other source(s) that is not the Personnel such as:
3.2. The Company receives Personal Data concerning Personnel from the sources set out above in written or verbal form, through phone calls, emails, posts, or by the Personnel submitting/notifying to the Company by themselves or by the Company preparing by itself certain Personal Data concerning Personnel as documents or electronic data.
4. Collection, use and disclosure of Personal Data concerning Personnel, purposes and the lawful basis there of
4.1 The Company will duly collect, use and/or disclose Personal Data concerning Personnel on a limited basis pursuant to the purposes and the lawful basis set out below and the procedures pursuant to the Data Protection Law.
4.2 The Company collects Personal Data concerning Personnel to use and/or disclose for the following purposes:
(1) To verify the identity and address of the Personnel;
(2) For the purpose of maintaining the safety and security of Personnel, other persons, and properties of the Company, and preventing potential crimes;
(3) For the Company’s personnel administration and management including (without limitation to) Personnel/employee registration preparation, safe keeping of employment evidence or evidence of other contract(s)/agreement(s)/relationship(s) between the Personnel and the Company and the Personnel’s profile, preparation of Personnel identification cards and business cards, consideration on position change and/or salary/remuneration/bonus, and other internal records, etc.;
(4) For performance of contract between the Company and the Personnel including (without limitation to) sending of relevant data to the bank for making payments of salaries/wages/remuneration, bonuses, and other benefits and to the insurance company, the provident fund and/or other persons as to procure the welfares that the Personnel are entitled to receive;
(5) To comply with the laws (including ministerial regulations, notifications/announcements, rules and regulations issued pursuant thereto) to which the Company is subject, such as:
(6) To facilitate the Personnel in exercising their rights and utilizing their welfare benefits provided by the Company and their benefits under the Social Security Fund and/or the Compensation Fund in accordance with the conditions prescribed by relevant laws and relevant government agencies;
(7) For the Company’s internal management and business operation as necessary, including (without limitation to) monitoring and overseeing the use of the Company’s properties (e.g., cars, etc.), provisions of advice, assistance, cooperation, and/or coordination in relation to goods and services, and enter into and performance of contracts/agreements with, the Company’s existing and potential business partners, suppliers, service providers, and customers, other parties, and the Company’s parent company;
(8) For the Company’s accounting and audit; and
(9) For litigation and/or arbitration proceedings, including for defending in court or in arbitration (if any/necessary).
4.3. The Company also collects Sensitive Personal Data concerning Personnel for the following purposes:
(1) The Company collects the Personnel’s fingerprint in order for the Personnel to verify themselves through the fingerprint scanner before entering or leaving the workplace and various parts of the Company for security purpose, and for work time tracking purpose;
(2) The Company collects criminal record(s) of Personnel in order to consider the Personnel’s suitability in performing duties of the relevant positions; and
(3) The Company collects the Personnel’s medical certificate as to support any sick leave of the Personnel taken for a period of at least 3 consecutive days pursuant to the Labor Protection Act B.E. 2541.
4.4 The Company collects the Personnel’s medical certificate as to support any sick leave of the Personnel taken for a period of at least 3 consecutive days pursuant to the Labor Protection Act B.E. 2541.
(1) The processing is necessary for the performance of the contract between the Company and the Personnel or in order to take steps at the request of the Personnel prior to entering into such contract.
(2) The processing is necessary for compliance with the Company’s legal obligations (as per the details provided in paragraph 4.2(5) and paragraph 4.3(3) above).
(3) The processing is necessary in order to prevent or suppress danger to the Personnel or any other person’s life, body, or health.
(4) The processing is necessary for the purposes of the legitimate interests of the Company or its parent or affiliate companies or other persons, except where such interests are overridden by the fundamental rights and freedoms of the Personnel.
(5) The relevant Personnel has given his/her consent (in which case, the Personnel may withdraw his/her consent at any time. (For further information on the consent request and withdrawal, please see paragraph 9(1) and paragraph 11 below.))
4.5. The Company’s Personnel must provide certain Personal Data concerning him/her (e.g., name, surname, ID number, and nationality, etc.) in order to comply with applicable laws such as to make contributions under the social security law and the workmen’s compensation law, to submit data relating to the Personnel’s income and withholding tax to the Revenue Department under the taxation law, to comply with the law on foreigners’ working management and the immigration law, etc. If the Personnel does not provide such necessary data, it may result in a violation of the law causing the relevant Personnel and/or the Company to be liable and be subject to punishment under applicable law. Moreover, the Company’s Personnel must provide certain Personal Data concerning him/her (e.g., name, surname, ID number, copy of ID card, and bank account number, etc.) in order to enter into an employment contract or other contract(s)/agreement(s)/relationship(s) with the Company and for the Company to comply with such contract(s)/agreement(s). Otherwise, the Company may not be able to comply with its obligations under such contract(s)/agreement(s) (e.g., the Company may not be able to pay salary/remuneration to the Personnel and may be unable to provide to the Personnel the welfares that the Company agreed to provide, etc.).
5. Retention of Personal Data concerning Personnel
5.1. Retention of Personal Data concerning Personnel
The Company retains Personal Data concerning Personnel in both hard copy form and electronic/soft copy form. Hard copies will be kept in locked cabinets at the HR Department and the relevant departments. Electronic/soft copies will be stored in the Company’s internal computer system and internal server, both with password requirement for access. The Company also uses intranet provided by CS Loxinfo Public Company Limited (CS Loxinfo) and Softbank Thailand.
Persons who have access to Personal Data
The Company may share certain Personal Data between relevant departments within the Company as necessary and on a case-by-case basis for the purposes/reasons related to the Company’s business operations. In addition, the Company may disclose Personal Data to third parties as specified in paragraph 6 below.
5.2. Retention periods for Personal Data concerning Personnel
5.2.1. The Company will retain Personal Data concerning Personnel and documents containing such data for the following periods:
No. | Type of Data / Document | Retention Period |
|---|---|---|
1. | Personnel’s name and surname, ID number and/or passport number | Forever (notwithstanding the termination of the relevant Personnel’s employment/contract/relationship with the Company). |
2. | Employment or other contract(s)/ | Throughout the term of the relevant contract(s)/ agreement(s) and another 10 years thereafter, or for the period required by the law. |
3. | Personal profile, educational background, work experience, capabilities and qualifications, and leave record | Throughout the term of the employment contract and another 10 years thereafter, or for the period required by the law. |
4. | Fingerprint data | For so long as the relevant Personnel remains a current Personnel of the Company. |
5. | Medical certificate | 2 years from the date such data was obtained by the Company. |
6. | Criminal record | Up to 3 months from the date on which such data was obtained by the Company. |
7. | Employee/Personnel registration | Throughout the term of the employment contract and another 10 years thereafter, or for the period required by the law. |
8. | Data relating to payments of wages/remuneration, overtime, holiday pay and holiday overtime to Personnel, including information on personnel working hours | Throughout the term of the employment contract and another 2 years thereafter. |
9. | Account and documents supporting accounting | 5 years from account closing date (or until delivery of account and document to the Chief Accounting Inspector in case the Company ceases its business operation without liquidation). |
10. | CCTV footage/records | 6 months from the date on which it is recorded. |
11. | Documents submitted to the Revenue Department (e.g., information on withholding tax with respect to salaries/wages/remuneration with ID number and name of relevant Personnel specified, etc.), documents submitted to the Social Security Office, the provident fund and its manager and other government agencies and officials | 5 years from submission date. |
12. | Other Personal Data concerning Personnel and other documents containing such data | Throughout the term of the employment contract and another 10 years thereafter. |
5.2.2. Notwithstanding paragraph 5.2.1 above, if any law to which the Company is subject requires the Company to retain any Personal Data concerning Personnel or any document containing such data for a longer period than the relevant period set out in paragraph 5.2.1 above, the Company will retain such Personal data or document for the period required by the law.
5.2.3. If the Company considers that certain Personal Data concerning Personnel and/or documents containing such data may be necessary or important for the Company’s establishment of a right of claim under the law, compliance with, or exercise of a right of claim under, the law, or raising of a defense under the law, or may help the Company in any potential dispute, claim and/or litigation in any form, the Company may retain such data and/or document for a longer period than the relevant period set out in paragraph 5.2.1 or paragraph 5.2.2.
5.2.4. The Company will ensure to erase or destroy or anonymize Personal Data concerning Personnel upon the end of the relevant retention period set out above, or erase or destroy or anonymize the Personal Data that is irrelevant or unnecessary as per the purpose of collection of such Personal Data or as requested by the relevant Personnel as the data subject who is entitled to such request, or for which the relevant Personnel as data subject has withdrawn his/her consent (only in case the collection of relevant Personal Data requires consent).
6. Transfer and/or disclosure of Personal Data concerning Personnel
6.1. The Company may disclose Personal Data concerning Personnel to the following persons and agencies for the following reasons:
(1) Government agencies and officials such as the Social Security Office, the Department of Labor Protection and Welfare, the Ministry of Labor, the Department of Employment, the Immigration Office, the Department of Business Development, the Ministry of Commerce, the Revenue Department, or other competent government agencies/officials in order to comply with, and ensure that the relevant Personnel comply with, applicable laws, lawful orders of government agencies, or court’s orders to which the Company is subject, including in order to facilitate the Personnel in exercising their rights and benefits under the law.
(2) Bank To make payments of salaries/wages/remuneration, bonuses, and other benefits to Personnel.
(3) Insurance company For providing health insurance for the Company’s Personnel as welfare that the Personnel should be entitled to, and for claiming for reimbursement of medical expenses of the Personnel from such insurance.
(4) Provident fund and provident fund manager So that the Company’s Personnel receive the rights and benefits in respect of such provident fund.
(5) Hospital The Company has arranged for the Personnel regular health checks with a hospital engaged by the Company. Therefore, the Company must disclose certain Personal Data concerning Personnel to such hospital.
(6) Royal Thai Police The Company conducts criminal background check of Personnel, the Company must disclose name, surname, and copy of the Personnel’s ID card, including the Personnel’s letter of consent to conduct criminal background check to the Royal Thai Police.
(7) Business partners, suppliers and service providers In the Company’s business operation, the Company has business partners, suppliers, and service providers to whom the Company necessarily provides advice, assistance, cooperation and/or coordination, and/or enter into agreements/contracts with. Therefore, the Company may have to disclose certain Personal Data concerning Personnel to such persons.
(8) Customers In the Company’s business operation, the Company has customers to whom the Company provides advice, assistance, cooperation, coordination, sale of goods and services, and/or enter into agreements/contracts with. Therefore, the Company may have to disclose certain Personal Data concerning Personnel to its customers.
(9) Professional advisor(s) and/or service provider(s) The Company engages professional advisor(s) and/or service provider(s) e.g., visa and work permit service provider, legal advisor, financial advisor, etc. Therefore, the Company may have to disclose certain Personal Data concerning Personnel as necessary for such professional advisor(s) and/or service provider(s) to perform their duties as per the agreements they have with the Company.
(10) Auditor As the Company has an independent auditor who audits the Company’s account, the Company must disclose certain Personal Data concerning Personnel to the auditor for such purpose.
(11) IT Service Provider(s) The Company outsource its IT operations to IT company operations or software service provider. Therefore, such company/service provider may have access to Personal Data stored on the Company’s server and computer.
(12) Other person(s) for compliance with the laws and as permitted by the Data Protection Law.
6.2. In addition, for internal administration purpose and for analyzing accounting data and preparing the consolidated financial statements, the Company may disclose the number of Personnel, the Personnel’s age, sex, position, and email address, and organization chart to the Company’s parent company being Shibaura Machine Co., Ltd. which is incorporated under the law of Japan and located in Japan
6.3. The disclosure mentioned above will be made on a limited basis and the Company will disclose only the Personal Data that are necessary to achieve the lawful purpose of the disclosure, and the Company will, to the extent practicable, ensure that the persons to whom the Personal Data are disclosed by the Company will comply with the Data Protection Law.
6.4. In the event that the Company must obtain consent from the relevant Personnel as data subject pursuant to the Data Protection Law for disclosing any Personal Data concerning Personnel to any person(s) set out above, the Company will request for such consent and must duly obtain such consent from the relevant Personnel before disclosure.
7. Computers and internet network provided by the Company for the Personnel
The Company restricts personal use of social media through the Company’s computer system and internet network. The Company has an automatic system to restrict access to websites with inappropriate content and to monitor the Personnel’s use of the Company’s computer systems and internet network in order to prevent access to insecure or illegal websites, and to monitor and prevent access to spam emails, low-security emails, and emails that may pose a risk to the Company’s computer system.
The Company also has firewall which are security systems that monitors and filters data transmission through the Company’s computer system and internet network. The Company installs firewall to allow data transmission that is non-threatening to the Company’s computer system and internet network and prevent the transmission of harmful data out of the Company’s computer system.
8. Security measures with respect to Personal Data concerning Personnel
The Company will implement appropriate measures to secure Personal Data concerning Personnel to prevent unauthorized or undue loss, access, use, change, amendment, or disclosure of Personal Data concerning Personnel by using technologies and other methods including the followings:
(1) The Company will classify the types of Personal Data concerning Personnel and clearly define who has the right to access each type of data.
(2) The Company will store Personal Data concerning Personnel securely.
(3) The Company will set up a system to check and erase, destroy, or anonymize Personal Data concerning Personnel as specified in paragraph 5.2.4 above by appropriate means.
(4) The Company will ensure that the Personnel must enter their individual username and/or password before accessing and using the Company’s computer system and that such usernames and passwords must be kept strictly confidential.
(5) The Company will take steps to prevent other persons to whom the Company disclose Personal Data concerning Personnel from using or disclosing such data without authorization or wrongly.
(6) The Company will notify any data breach incident with respect to Personal Data concerning Personnel to the Office of the Personal Data Protection Committee without delay within the period specified by the Data Protection Law. If such data breach poses a high risk of affecting the rights and freedoms of an individual, the Company will promptly notify the relevant Personnel as data subject of the incident with a plan to remedy the damage resulting therefrom without delay.
9. Data Subject’s Rights
A data subject is entitled to the rights in relation to the Personal Data concerning him/her as prescribed in the Personal Data Protection Law as follows:
(1) Right to Withdraw Consent In case the Company relies only on a data subject’s consent as its lawful basis to collect, use and/or disclose Personal Data, the data subject may, at any time, withdraw his/her consent. The Company will notify such data subject withdrawing his/her consent of the effects that may occur as a result of his/her consent withdrawal at the time of withdrawal.
(2) Right of Access A data subject has the right to access and request a copy of Personal Data concerning him/her which are under the responsibility of the Company or request the Company to disclose its acquisition of such Personal Data for which he/she did not give consent.
(3) Right to Data Portability A data subject has the right to receive Personal Data concerning him/her from the Company in case the Company has made such Personal Data in the format that is commonly used and readable by automatic machine and can be used and disclosed by automatic means. A data subject also has the right to request the Company to send or transfer the Personal Data in such format to other data controller(s) if it can be done by automatic means and/or request to obtain the Personal Data in such format that the Company sends or transfers to other data controller(s) directly, unless it is technically unfeasible.
(4) Right to Object A data subject has the right to, at any time, object to the collection, the use or the disclosure of Personal Data concerning him/her under certain circumstances prescribed under the Data Protection Law.
(5) Right to Erasure A data subject has the right to request the Company to erase or destroy or anonymize Personal Data concerning him/her under certain circumstances prescribed under the Data Protection Law.
(6) Right to Restriction of Processing A data subject has the right to request the Company for restriction of its use of Personal Data concerning him/her under certain circumstances prescribed under the Data Protection Law.
(7) Right to Rectification A data subject has the right to request the Company to rectify inaccurate Personal Data concerning him/her and ensure that the Personal Data concerning him/her is correct, up-to-date, complete and not-misleading.
(8) Right to Lodge Co mplaint A data subject has the right to lodge a complaint with the competent authority or committee under the Data Protection Law in the event that the Company including its employee(s) or contractor(s) violate or fail to comply with the Data Protection Law.
The data subject can contact the Company’s HR Department in order to exercise any right under subparagraphs (1) – (7) above as per the details set out in paragraph 11 below.
10. Modification of Policy
The Company may review and revise this Policy on a regular basis as to ensure its consistency with the relevant guidelines and the Data Protection Law. The Company will notify the Personnel of such changes to this Policy by publicizing the updated Policy on the Company’s website as soon as possible.
11. Information about the Company and contact details
If a data subject has any question or suggestion in relation to the Company’s protection of Personal Data concerning Personnel or wishes to exercise a right as data subject, please contact the Company’s HR Department as per the following contact details:
Company’s Name: | Shibaura Machine (Thailand) Co., Ltd. |
Address: | 127/28 Panjathani Tower 23rd Floor, Nonsi Road, Chong Nonsi Sub-District, Yannawa District, Bangkok 10120 |
Contact Channels: | Tel.: 02-681-0158 |
This Policy is last updated in January 2023.
Shibaura Machine (Thailand) Co., Ltd. (the “Company”) gives importance to the protection of personal data concerning its job applicants and candidates and the Company is well aware of its duties under Thailand’s Personal Data Protection Act B.E. 2562 (as may be amended or supplemented from time to time) including its implementing and/or supplemental rules, regulations, notifications and announcements issued thereunder (collectively, the “Data Protection Law”). Therefore, the Company has prepared this Privacy Policy and Notice on the Processing of Personal Data Concerning Job Applicants and Candidates (the “Policy”) and hereby notifies all of the Company’s job applicants and candidates of its collection, use, and disclosure of personal data concerning job applicants and candidates as well as their rights as data subjects as follows:
1. Definitions
“Personal Data” | : | Any information relating to an individual which enables the identification of such individual, whether directly or indirectly, but not including the information of the deceased person in particular. |
“Data subject(s)” | : | Any individual person who can be identified, directly or indirectly, by Personal Data. (Under this Policy, data subjects are the Company’s Job candidates and other persons specified in paragraph 2.2 of this Policy.) |
“Job candidates(s)” | : | Any job applicant i.e., any person applying for a job with the Company through whichever channel and for whichever position, and any person currently being considered by the Company for a job. |
2. Types of Personal Data concerning job candidates collected by the Company
2.1. The Company collects the following Personal Data concerning job candidates and documents containing such data:
2.2. In addition, the Company may collect Personal Data concerning other persons who are not the job candidates as set out below (in which case, the relevant job candidate must, to the extent practicable, obtain their consent to provide their Personal Data to the Company and/or notify them that the Personal Data concerning them will be provided to the Company and the purposes thereof, as the case may be):
3. Sources of Personal Data
3.1. The Company may collect Personal Data concerning job candidates from the following sources:
(1) From the job candidates directly when they submit their job applications or provide data to the Company;
(2) From other persons, as follows:
3.2. above in written or verbal form, through phone calls, emails, posts, or from the job candidate providing/notifying the Company by themselves, and from inquiries and job interviews.
4. Collection, use and disclosure of Personal Data concerning job candidates, purposes and the lawful basis there of
4.1. The Company will duly collect, use and/or disclose Personal Data concerning job candidates on a limited basis pursuant to the purposes and the lawful basis set out below, and the procedures pursuant to the Data Protection Law.
4.2. The Company collects Personal Data concerning job candidates to use and/or disclose for the following purposes:
(1) To verify the identity, address, and the accuracy of various information of the job candidates;
(2) To consider the qualifications of the job candidates, support the job interview, for consideration on job offers to the job candidates;
(3) To consider hiring/employing job candidates for future positions in case the job candidate does not get hired and employed on the first job application, in the event that the Company have a suitable job position in the future;
(4) To liaise with the job candidates during the recruitment process.
4.3. The Company relies on the following lawful basis under the Data Protection Law to collect, use and/or disclose Personal Data concerning job candidates;
(1) The processing is necessary for proceeding in accordance with the job candidates’ request;
(2) The processing is necessary for the purposes of the legitimate interests pursued by the Company, the Company’s parent company or affiliated company(ies), or other persons, except where such interests are overridden by the fundamental rights and freedoms of the data subjects.
4.4. In the event that the Company agree to hire/employ any job candidate, the job candidate is required to provide certain Personal Data concerning him/her (e.g. name, surname, ID number and/or passport number, copy of ID card and/or passport, etc.) to enter into an employment contract or other contract(s)/agreement(s) with the Company. Otherwise, the Company may be unable to enter into a contract/agreement with the job candidate.
4.5. The Company does not disclose Personal Data concerning job candidates to any other persons. However, if a job candidate is recruited to become a personnel of the Company, the Company may use and disclose Personal Data set out in paragraph 2 above and other Personal Data concerning personnel for other purposes, in which case, the Company will further notify the personnel of the Company in accordance with the Data Protection Law.
5. Retention of Personal Data concerning job candidates
5.1. Retention of Personal Data concerning job candidates
The Company retains Personal Data concerning job candidates in both hard copy form and electronic/soft copy form. Hard copies will be kept in locked cabinets at the HR Department. Electronic/soft copies will be stored in the Company’s internal computer system and internal server, both with password requirement for access. The Company also uses intranet provided by CS Loxinfo Public Company Limited (CS Loxinfo) and Softbank Thailand.
Persons who have access to Personal Data
Only the HR manager and all staffs in the HR Department, and the management of the Company would have access to the Personal Data concerning job candidates.
5.2. Retention period for Personal Data concerning job candidates
5.2.1. The Company will retain Personal Data concerning job candidates and documents containing such data for a period of not exceeding 3 months from the date on which the Company receives the job application/documents concerning the job candidates. However, if a job candidate is recruited to become personnel of the Company, the Company may continue to retain Personal Data concerning such job candidate, in which case, the Company will further notify the personnel of the Company of the retention periods of the Personal Data concerning personnel
5.2.2. Notwithstanding paragraph 5.2.1 above, if any law to which the Company is subject requires the Company to retain any Personal Data or any document containing such data for a longer period than the relevant period set out in paragraph 5.2.1 above, the Company will retain such Personal Data or document for the period required by law.
5.2.3. If the Company considers that certain Personal Data and/or documents containing such data may be necessary or important for the Company’s establishment of a right of claim under the law, compliance with, or exercise of a right of claim under, the law, or raising of a defense under the law, or may help the Company in any potential dispute, claim and/or litigation in any form, the Company may retain such data and/or document for a longer period than the relevant period set out in paragraph 5.2.1 or paragraph 5.2.2.
5.2.4. The Company will ensure to erase or destroy or anonymize Personal Data concerning job candidates upon the end of the relevant retention period set out above or erase or destroy or anonymize the Personal Data that is irrelevant or unnecessary as per the purpose of collection of such Personal Data or as requested by the data subject who is entitled to such request.
6. Security measures with respect to Personal Data
The Company will implement appropriate measures to secure Personal Data to prevent unauthorized or undue loss, access, use, change, amendment, or disclosure of Personal Data by using technologies and other methods including the followings:
(1) The Company will classify the types of Personal Data concerning job candidates and clearly define who has the right to access each type of such data.
(2) The Company will store Personal Data concerning job candidates securely.
(3) The Company will set up a system to check and erase, destroy, or anonymize Personal Data as specified in paragraph 5.2.4 above by appropriate means.
(4) The Company will ensure that its personnel must enter their individual username and/or password before accessing and using the Company’s computer system and that such usernames and passwords must be kept strictly confidential.
(5) The Company will take steps to prevent other persons to whom the Company disclose Personal Data concerning job candidates from using or disclosing such data without authorization or wrongly.
(6) The Company will notify any data breach incident with respect to Personal Data concerning job candidates to the Office of the Personal Data Protection Committee without delay within the period specified by the Data Protection Law. If such data breach poses a high risk of affecting the rights and freedoms of an individual, the Company will promptly notify the data subject of the incident with a plan to remedy the damage resulting therefrom without delay.
7. Data Subject’s Rights
A data subject is entitled to the rights in relation to the Personal Data concerning him/her as prescribed in the Personal Data Protection Law as follows:
(1) Right to Withdraw Consent In case the Company relies only on a data subject’s consent as its lawful basis to collect, use and/or disclose Personal Data, the data subject may, at any time, withdraw his/her consent. The Company will notify such data subject withdrawing his/her consent of the effects that may occur as a result of his/her consent withdrawal at the time of withdrawal.
(2) Right of Access A data subject has the right to access and request a copy of Personal Data concerning him/her which are under the responsibility of the Company or request the Company to disclose its acquisition of such Personal Data for which he/she did not give consent.
(3) Right to Data Portability A data subject has the right to receive Personal Data concerning him/her from the Company in case the Company has made such Personal Data in the format that is commonly used and readable by automatic machine and can be used and disclosed by automatic means. A data subject also has the right to request the Company to send or transfer the Personal Data in such format to other data controller(s) if it can be done by automatic means and/or request to obtain the Personal Data in such format that the Company sends or transfers to other data controller(s) unless it is technically unfeasible.
(4) Right to Object A data subject has the right to, at any time, object to the collection, the use or the disclosure of Personal Data concerning him/her under certain circumstances prescribed under the Data Protection Law.
(5) Right to Erasure A data subject has the right to request the Company to erase or destroy or anonymize Personal Data concerning him/her under certain circumstances prescribed under the Data Protection Law.
(6) Right to Restriction of Processing A data subject has the right to request the Company for restriction of its use of Personal Data concerning him/her under certain circumstances prescribed under the Data Protection Law.
(7) Right to Rectification A data subject has the right to request the Company to rectify inaccurate Personal Data concerning him/her and ensure that the Personal Data concerning him/her is correct, up-to-date, complete, and not misleading.
(8) Right to Lodge Complaint A data subject has the right to lodge a complaint with the competent authority or committee under the Data Protection Law in the event that the Company including its employee(s) or contractor(s) violate or fail to comply with the Data Protection Law.
The data subject can contact the Company’s HR Department in order to exercise any right under subparagraphs (1) – (7) above as per the details set out in paragraph 9 below.
8. Modification of Policy
The Company may review and revise this Policy on a regular basis as to ensure its consistency with the relevant guidelines and the Data Protection Law. The Company will notify the data subjects of such changes to this Policy by publicizing the updated Policy on the Company’s website as soon as possible.
9. Information about the Company and contact details
If a data subject has any question or suggestion in relation to the Company’s protection of Personal Data or wishes to exercise a right as data subject, please contact the Company’s HR Department as per the following contact details:
Company’s Name: | Shibaura Machine (Thailand) Co., Ltd. |
Address: | 127/28 Panjathani Tower 23rd Floor, Nonsi Road, Chong Nonsi Sub-District, Yannawa District, Bangkok 10120 |
Contact Channels: | Tel.: 02-681-0158 |
This Policy is last updated in January 2023.
Copyright © 2020 SHIBAURA MACHINE CO.,LTD, all rights reserved.