ภาษาไทย
Personal Data Protection Notice (Show/Hide Menu)
- Personal Data Protection Notice for Customers and Activities Participants
- Personal Data Protection Notice for Partners and Business Partners
- Personal Data Protection Notice for Shareholders, Investors and Potential Investors
- Personal Data Protection Notice for the Company's Visitors, Workplace Building Visitors and CCTV
- Personal Data Protection Notice for the Company’s Directors
- Personal Data Protection Notice for Training Activities, Seminars, Community Service Activities or Other Activities
- Notice regarding the Processing of the Personal Data You Provided to the Company before the Effective Date of the Personal Data Protection Act
- Personal Data Protection Notice for Employees
- Notice regarding the Processing of the Personal Data
- Use of Cookies Notice
Personal Data Protection Notice for the Company’s Directors
We, Oishi Group Public Company Limited , (the “Company”) recognize and respect the privacy and the protection of personal data of the Company’s directors (collectively “You”). The Company put in place this Personal Data Protection Notice in order to notify You of the details relating to a collection, use and disclosure of Your personal data (collectively the “Process”) in accordance with the personal data protection laws.
1. Purposes of Processing the Personal Data
1.1 The Company will Process Your personal data for the following purposes:
| Purposes | Lawful Basis | |
|
(1)
|
Proceeding necessary processes of considering and selecting the Company’s directors including processes of evaluation, selection, appointment and other internal management process relating to the consideration and appointment of the Company’s directors.
|
Contractual
Legitimate Interests
Legal Obligation
|
|
(2)
|
Proceeding processes between You and the Company including processes which You are the Company’s representative or You act on behalf of the Company such as:
• Making payment of remuneration to the Company’s directors including other necessary processes relating to the payment of remuneration.
• Preparing and collecting personal data including background of directors for the Company’s database.
• Delivering documents and meeting agendas.
• Proposing candidates to be the Company’s directors.
• Proposing the directors of related external organization and/or to hold any position in other related organizations.
• Disclosing and/or sending information to external organization as supporting information for applying for any educational program, receiving rewards, or attending any activities as the Company’s director.
• Receiving news and publicizing via various channels such as internal email of the Company and companies within the group, the Company’s website, Facebook, Line, YouTube or other online media of the Company or other media such as television, publication, etc. to communicate to external party
• Managing the Company’s business including using as evidence supporting the Company’s transactions.
• Disclosing and verifying the accuracy of personal data (KYC) relating to transactions with domestic and foreign banks.
• Disclosing and submitting information to relating regulatory authorities.
• Examining interest of the directors and persons related to directors, collecting list of the Company’s conflict of interest for information and reporting relating information such as a holding of securities, reporting strategic shareholder to regulatory authorities.
• Disclosing necessary information to comply with various evaluation criteria participated by the Company.
|
Contractual
Legitimate Interests
Legal Obligation
|
|
(3)
|
Complying with public limited companies laws, or securities and stock exchanges laws including an appointment process, a registration of any change or any process pursuant to relevant laws.
|
Legal Obligation
|
|
(4)
|
Complying with laws or subpoena, letter or order of authorities, independent organizations or officers having lawful duties and authorities such as compliance with a summon, warrant of seizure, order of the courts, police officers, public prosecutors and government authorities including reporting or disclosing information to the shareholders, government authorities or independent organizations such as the Office of Energy Regulatory Commission, the Ministry of Energy, the Revenue Department, the Land Department, the State Audit Office, the Office of National Anti-Corruption Commission, etc., for compliance with relevant laws.
|
Legal Obligation
|
|
(5)
|
Creating legal claim, authorization, and receipt of authorization, compliance with laws or exercising legal rights, litigating including proceeding any action for compulsory execution according to the laws.
|
Legitimate Interests
Legal Obligation
|
|
(6)
|
Business planning, reporting and anticipating, managing risks, overseeing an audit including an internal audit by the internal audit department and an internal management within the organization, including for the benefits of internal operations within the Company in relation to the payment of the accounting and finance department.
|
Legitimate Interests
|
|
(7)
|
Maintaining security around the area of the Company’s building or place and evaluating security risks including contacting for an issuance of cards for accessing and exiting the Company’s place, requesting for car stickers, recording accessing and exiting data to the Company’s place and recording images, still and motion, within the Company’s buildings or offices using CCTV.
|
Legitimate Interests
|
|
(8)
|
Complying with laws concerning public interest in respect of public health such as health protection against dangerous communicable disease or epidemic which may be contagious or spread into the kingdom.
|
Legal Obligation
|
|
(9)
|
Managing Your hygiene and safety.
|
Preventing or suppressing danger to a person's life, body or health (Vital Interests)
|
1.2 In the event that the Company will Process Your personal data for any purpose other than the above purposes, the Company may collect Your additional personal data by notifying You and requesting Your consent from time to time (as the case may be).
2. Personal Data to be Collected
In general, the Company will collect Your personal data by directly querying You or requesting the data from You; however, there may be some circumstances that the Company may collect Your personal data from other sources such as government authorities or other sources where Your personal data are clearly and publicly disclosed including the personal data disclosed via social media, etc. In such case the Company will collect only the information You choose to be publicly available. In this regard, the type of Your personal data which will be Processed by the Company will be as follows:
2.1 During the recruitment process, the Company will collect personal data from identification card, passport, or other documents issued by government authorities which can be used to verify your identity such as name, surname, gender, identification card number, passport number, photo, date of birth, nationality, place of birth, height, educational/training background and work experience in brief;
2.2 Regarding persons in the position of director or executive, the Company will collect additional personal data such as marital status, information regarding spouse/partner, children, parents, siblings, blood type, information regarding Your bank account, email address, educational/training background, vocation, work experience in brief, position in other companies including director, attendance of board of directors meeting, sub-committees meeting or shareholders meeting, remuneration of director, information regarding securities held, name of securities company, performance of director and other information required by laws or good corporate governance;
2.3 Information for complying with laws relating to the benefits of public health such as information regarding the screening according to epidemic prevention measure;
2.4 The aforementioned collected personal data is necessary for the Company to perform according to the agreement or Your request prior to entering into an agreement. If You decline to provide the Company with the necessary personal data, the Company may not be able to proceed any action relating to considering the selection process, entering into transaction or managing according to the agreement entering into with You (as the case may be).
3. Sensitive Personal Data
3.1 The Company may have to Process sensitive personal data in accordance with the personal data protection laws for the purposes as notified by the Company according to this Notice or any other purposes as the Company additionally notify You or as per Your consent provided to the Company on a case-by-case basis such as:
(1) once the Company has to use the information for verifying Your identity or for the benefit of the Company’s security such as biometric data, face recognition data and fingerprint data for verifying Your identification;
(2) health information such as food allergy, drug allergy, personal congenital disease, medical history in case you can claim medical expenses from the Company for using in any activity You participate in or for public health benefits such as prevention the spread of contagious disease or epidemic, etc.
3.2 The Company will request for Your express consent on a case-by-case basis for Processing Your sensitive personal data and will provide adequate security measures to protect Your sensitive personal data.
4. Cookies
In the event that You access any electronic device of the Company such as applications, websites, information technology and cyber system, etc., the Company uses cookies for collecting personal data as specified in the Cookies Notice.
5. Withdrawal of Consent and Effect thereof
5.1 In the event that the Company Processes personal data with Your consent, You have the right to, at any time, withdraw Your consent given to the Company. Such withdrawal will not affect any Process of personal data performed by the Company prior to the withdrawal of Your consent.
5.2 Your withdrawal of consent given to the Company or refusal to provide certain information may result in the Company being unable to meet all or certain purposes of the Company as notified in this Notice or other purposes as the Company additionally notify You or as per Your consent provided to the Company on a case-by-case basis.
6. Personal Data of Other Persons
6.1 In the event that You provide personal data of other persons to the Company, You have the following obligations:
(1) to notify such person of the details as specified in this Notice including to request a consent from such person (if data subject’s consent is required);
(2) to perform any necessary actions in order that the Company is able to legally Process such person’s personal data.
6.2 Personal data, include sensitive personal data, of other persons which may be Processed by the Company such as name, surname, date of birth, address, sex, information shown in an identification card or passport, nationality, e-mail address, telephone number, occupation, position, work location, financial documents, relationship with You, online social media contact information.
7. Personal Data of a Minor, Incompetent Person and Quasi-incompetent Person
7.1 In the event that the Company has to obtain a consent for Processing personal data of a minor, incompetent person or quasi-incompetent person, the Company will be able to Process personal data of such person only upon the Company’s receipt of a consent of the holder of parental responsibility over the minor, the custodian or the curator, or the person with authority to give consent in the name of such person in accordance with the personal data protection laws (as the case may be).
7.2 In the event that the Company has to obtain a consent for Processing personal data of a minor, incompetent person or quasi-incompetent person but, at that time of data Processing, the Company is not aware that the data subject is a minor, incompetent person or quasi-incompetent person, and later becomes aware that the Company had Processed the personal data of such person without consent of the person with authority to give consent in the name of such person in accordance with clause 7.1, the Company will erase or destroy the personal data or anonymize the personal data of the data subject which is a minor, incompetent person or quasi-incompetent person to become the anonymous data which cannot identify the data subject except in the event that the Company can Process the personal data of such person by using lawful cause and without consent.
8. Period for Retaining the Personal Data
8.1 The Company will retain Your personal data for a period necessary for achieving the purpose of such personal data Processing unless it is permitted to be retained longer by any law. If it is unable to be clearly identify the period for retaining the personal data, the Company will retain Your personal data for a period that can be anticipated in accordance with the collecting standards, by taking into consideration a business practice for each type of personal data.
8.2 In the event that the Company Processes Your personal data with Your consent, the Company will Process Your personal data until the Company receives Your withdrawal for such consent and the Company finishes proceeding with Your withdrawal request. However, the Company will still retain Your personal data as necessary to make a record that You used to withdraw such consent in order that the Company will be able to respond to Your request in the future.
9. Disclosure of Personal Data
9.1 The Company may disclose Your personal data to the companies within the group, any person assigned by the Company to be personal data processors and/or personal data protection officers, advisors, financial institutes, financial service providers, auditors, external auditors, credit rating company, partners, business partners, service providers, contractors, sub-contractors who are related to business operations of the Company to the extent that, associated with personal data, partners who are co-branding with the Company, any natural persons and/or juristic persons who have relationship or legal relation with the Company, any persons who are interesting in receiving the assignment of the Company’s rights and obligations, any persons who intend to have a merger transaction with the Company in any manner, any organization related to sustainability index, infirmary and/or rescue forces (in case of emergency for protecting Your benefits), government authorities, regulatory authorities, legal authorities, any persons who request the Company to disclose Your personal data with legal power and/or in compliance with any agreements You are a party thereto and/or any natural persons or juristic persons as necessary, whether inside or outside Thailand, (including staff members, employees, executives, directors, shareholders, agents and advisors of the Company and of the aforesaid recipients) in order that the Company will be able to operate their businesses and provide services to You including to comply with the purposes of personal data Processing as specified in this Notice or other purposes as the Company will additionally inform You or in accordance with Your consent given to the Company on a case-by-case basis and/or to act in compliance with the laws.
9.2 The Company will cause the recipients of Your personal data to have appropriate security measures for protecting Your personal data and to Process Your personal data only to the extent as necessary, and to prevent any use or disclosure of Your personal data by any other persons without lawful authority.
9.3 The Company will cause the recipients of Your personal data to keep such personal data in confidence and not use it for any purposes other than the purposes of personal data Processing under this Notice or other purposes as the Company will additionally inform You or in accordance with Your consent given to the Company on a case-by-case basis and/or to act in compliance with the laws.
10. Sending or Transferring Personal Data to Foreign Countries
In the event that the Company is required to send or transfer Your personal data to any foreign country including to keep Your personal data on any database in any foreign country, the Company will ensure that a transferee or data retention service provider in such destination country has adequate data protection standard to protect the personal data in accordance with those specified in the personal data protection laws of the country of transferer of such personal data (if any). If the transferee or data retention service provider in such destination country has data protection standard to protect the personal data lower than those specified in the personal data protection laws of the country of transferer of such personal data, the Company will perform as appropriate and necessary in order that the personal data transferred to such foreign country will be protected in the same level as the Company protects Your personal data.
11. Security Measures for Personal Data Protection
11.1 The Company will strictly set up the right to access, use, modify, revise or disclose the personal data including to display or confirm the identity of a person who accesses or uses the personal data in compliance with the standards for safeguarding the personal data as specified in the personal data protection laws.
11.2 The Company will set up an appropriate technological procedure to prevent any access to information technology system which collects personal data without permission.
11.3 In the event that the Company discloses Your personal data to any third person, the Company will perform any action to prevent such person from illegal or unauthorized use or disclosure of the personal data so that such person will only use Your personal data as necessary and in accordance with the purposes as the Company notifies You and/or in accordance with Your consent on a case-by-case basis.
11.4 The Company will set up a monitoring system for erasing or destroying personal data from the collecting system once the retention period for such personal data ends or once such personal data is excessive or no longer related to the data processing purposes or upon Your request or withdrawal of consent.
11.5 In the event that there is a violation of the Company’s security measures for personal data which causes an infringement of Your personal data, the Company will, without delay, notify such infringement to a competent authority as specified in the personal data protection laws unless there is no risk that such infringement will affect Your personal rights and freedom. If there is high risk that such infringement will affect Your personal rights and freedom, the Company will, without delay, notify You of such infringement together with remedial guidelines in accordance with the criteria and procedures specified in the personal data protection laws.
11.6 The Company will record any transactions as specified in the personal data protection laws in writing or on electronic system so that the data subject or any authority under the personal data protection laws be able to make an examination thereon.
12. Rights of Data Subject
12.1 You, as a data subject, have the rights to deal with Your personal data which are in the Company’s responsibility in accordance with the personal data protection laws as follows:
(1) to request access to or obtain copy of Your personal data or to request the disclosure of the acquisition of Your personal data without Your consent;
(2) to obtain Your personal data in electronic form or transfer Your personal data to other persons;
(3) to object to the collection, use, or disclosure of Your personal data in accordance with the personal data protection laws;
(4) to erase or destroy Your personal data, or to anonymize Your personal data to become the anonymous data which cannot identify You in accordance with the personal data protection laws;
(5) to restrict the use of Your personal data in accordance with the personal data protection laws;
(6) to revise or modify Your personal data to be accurate, up to date, complete and not misleading;
(7) to withdraw Your consent given to the Company unless there is any restriction for consent withdrawal by laws or any agreement which gives benefits to You;
(8) to complain to any authority if You believe that any dealing with the personal data by the Company is incompliance with the personal data protection laws.
12.2 You can use the right as specified in clause 12.1 by contacting the person specified in clause 14 hereof.
12.3 The Company reserves the right to refuse to perform according to Your request, whether in whole or in part, if the Company has reasonable and lawful reason such as such performance will cause unreasonable burden to the Company, is impracticable, is illegal or the use of such right by You will or may affect other person’s rights or freedom or in the event that the Company has a legal authority to collect Your personal data without Your consent.
13. Privacy Notice or Privacy Policy of other Websites or Applications
In the event that You use the Company’s websites or applications and You clicks any link shown on such websites or applications to enter into other websites or applications, whether such other websites or applications belong to the Company or not, You are required to learn and comply with the Privacy Notice or Privacy Policy of such other websites or applications, and the Company will not be responsible for any contents or data protection standards to protect the personal data of such other websites or applications. Moreover, if You give Your personal data to the owners of other websites or applications, You acknowledge and understand that the Company is not relevant to processing of Your personal data by the owners of such other websites or applications.
14. Details of Personal Data Controller and Personal Data Protection Officer
You can contact the personal data controller and/or personal data protection officer of the Company through the following channels:
PDPA Contact Center
Tel: 02-975-5566 or email: pdpa_info@oishigroup.com
15. Revision of Personal Data Protection Notice
In the event that there is any revision to this Notice, the Company will make an announcement via the Company’s website or application, or other communication channels of the Company and the new Notice will be effective on the date of such announcement.