ภาษาไทย
Personal Data Protection Notice (Show/Hide Menu)
- Personal Data Protection Notice for Customers and Activities Participants
- Personal Data Protection Notice for Partners and Business Partners
- Personal Data Protection Notice for Shareholders, Investors and Potential Investors
- Personal Data Protection Notice for the Company's Visitors, Workplace Building Visitors and CCTV
- Personal Data Protection Notice for the Company’s Directors
- Personal Data Protection Notice for Training Activities, Seminars, Community Service Activities or Other Activities
- Notice regarding the Processing of the Personal Data You Provided to the Company before the Effective Date of the Personal Data Protection Act
- Personal Data Protection Notice for Employees
- Notice regarding the Processing of the Personal Data
- Use of Cookies Notice
Personal Data Protection Notice for Training Activities, Seminars,
Community Service Activities or Other Activities
We, Oishi Group Public Company Limited , (the “Company”) recognize and respect the privacy and the protection of personal data of participant of trainings, seminars, study visits, community service activities or other activities (collectively “You”). The Company put in place this Personal Data Protection Notice in order to notify You of the details relating to a collection, use and disclosure of Your personal data (collectively the “Process”) in accordance with the personal data protection laws.
1. Purposes of Processing the Personal Data
1.1 The Company will Process Your personal data for the following purposes:
| Purposes | Lawful Basis | |
|
(1)
|
Proceeding necessary processes of considering and selecting applicants for participating in trainings, seminars, observational studies, community service activities or other activities of the Company including interviewing process, evaluation and selection process and managing process relating to the consideration and selection of participants to participate in trainings, seminars, observational studies, community service activities or other activities of the Company.
|
Contractual
Legitimate Interests
|
|
(2)
|
Preparing trainings, seminars, observational studies, community servica activities or other activities to be suitable for and to facilitate You such as analyzing and setting type of activities, procuring locations, foods and beverages including other facilitators, etc.
|
Legitimate Interests
|
|
(3)
|
Checking number of participants of trainings, seminars, observational studies, community service activities or other activities, registering for attending the activities, creating record and activities participation of participants, organizing the activities including distributing souvenirs or rewards (if any).
|
Legitimate Interests
|
|
(4)
|
Informing details for attending trainings, seminars, observational studies, community service activities or other activities such as list of participants, date, time, location, etc.
|
Legitimate Interests
|
|
(5)
|
Providing insurance relating to the organizing of activities such as providing group travel insurance, etc. (if any).
|
Legitimate Interests
|
|
(6)
|
Evaluating, analyzing and improving the organizing of trainings, seminars, observational studies, community service activities or other activities of the Company including supporting the request for the certification of management system standard and the photos of the activities may be used as evidence for supporting the response to the evaluation form of regulatory authorities or for submitting for rewards or various contests relating to the organizational management.
|
Legitimate Interests
|
|
(7)
|
Managing risks, overseeing an audit including an internal audit by the internal audit department, expenses closing and an internal management within the organization.
|
Legitimate Interests
|
|
(8)
|
Maintaining security within the buildings and places holding the Company’s activities by using CCTV.
|
Legitimate Interests
|
|
(9)
|
Using as database of the Company’s stakeholders and/or using for relationships management or other communications relating to the Company.
|
Legitimate Interests
|
|
(10)
|
Publicizing trainings, seminars, observational studies, community service activities or other activities organized by the Company via various communication channels of the Company, both internal and external, such as via the Company’s online media or website or via newspaper, television, etc.
|
Legitimate Interests
|
|
(11)
|
Creating media for participants of trainings, seminars or such activities to learn or view later or for creating the Company’s knowledge center.
|
Legitimate Interests
|
|
(12)
|
Complying with laws and creating legal claim, exercising legal rights, taking legal proceeding including reporting or disclosing information to government authorities, independent organizations, regulatory authorities, other persons or organizations as required by laws.
|
Legitimate Interests
Legal Obligation
|
|
(13)
|
Complying with laws concerning public interest in respect of public health such as health protection against dangerous communicable disease or epidemic which may be contagious or spread into the kingdom.
|
Legal Obligation
|
|
(14)
|
Managing Your hygiene and safety.
|
Preventing or suppressing danger to a person's life, body or health (Vital Interests)
|
1.2 In the event that the Company will Process Your personal data for any purpose other than the above purposes, the Company may collect Your additional personal data by notifying You and requesting Your consent from time to time (as the case may be).
2. Personal Data to be Collected
In general, the Company will collect Your personal data by directly querying You or requesting the data from You; however, there may be some circumstances that the Company may collect Your personal data from other sources such as government authorities or other sources where Your personal data are clearly and publicly disclosed including the personal data disclosed via social media, etc. In such case the Company will collect only the information You choose to be publicly available. In this regard, the type of Your personal data which will be Processed by the Company will be as follows:
2.1 Once You participate in trainings, seminars, observational studies, community service activities or other activities of the Company, whether such activities are organized by the Company, by any third party, co-organized by the Company or organized by any third party with support from the Company;
(1) Personal information such as name, surname, date of birth, address and other information specified in the identification card or passport;
(2) Contact information such as address, e-mail address, telephone number, online social media contact information;
(3) Work information such as vocation, position, department, work experience, work level, employment period, employment period in the work level;
(4) Your image, both still and motion, and/or sound in the activities area;
(5) Information relating to trainings or activities or incidents You participated or registered for such trainings or activities or incidents;
(6) Information relating to opinions, satisfactions for participating in the trainings, seminars, observational studies, community service activities or other activities of the Company;
(7) Information regarding vehicles such as register number, brand, color, driver’s license, car or motorcycle registration list (in case the Company provides the parking lot);
2.2 The aforementioned collected personal data is necessary for the Company to perform according to the agreement or Your request prior to entering into an agreement. If You decline to provide the Company with the necessary personal data, the Company may not be able to proceed any action relating to entering into transaction or managing according to the agreement entering into with You (as the case may be).
3. Sensitive Personal Data
3.1 The Company may have to Process sensitive personal data in accordance with the personal data protection laws for the purposes as notified by the Company according to this Notice or any other purposes as the Company additionally notify You or as per Your consent provided to the Company on a case-by-case basis such as:
(1) once the Company has to use the information for the benefit of the Company’s security such as biometric data, face recognition data and fingerprint data for verifying Your identification;
(2) the Company may collect Your sensitive personal data although the trainings, seminars, study visits, community relations activities or other activities of the Company are not directly relating to the sensitive personal data such as the Company has to use Your identification card which contains religious information for verifying Your identification;
(3) health information such as food allergy, drug allergy, personal congenital disease, medical history in case you can claim medical expenses from the Company for using in any training, seminar, study visit, community relations event or other activities You participate in or for public health benefits such as prevention the spread of contagious disease or epidemic, etc.
3.2 The Company will request for Your express consent on a case-by-case basis for Processing Your sensitive personal data and will provide adequate security measures to protect Your sensitive personal data.
4. Cookies
In the event that You access any electronic device of the Company such as applications, websites, information technology and cyber system, etc., the Company uses cookies for collecting personal data as specified in the Cookies Notice.
5. Withdrawal of Consent and Effect thereof
5.1 In the event that the Company Processes personal data with Your consent, You have the right to, at any time, withdraw Your consent given to the Company. Such withdrawal will not affect any Process of personal data performed by the Company prior to the withdrawal of Your consent.
5.2 Your withdrawal of consent given to the Company or refusal to provide certain information may result in the Company being unable to meet all or certain purposes of the Company as notified in this Notice or other purposes as the Company additionally notify You or as per Your consent provided to the Company on a case-by-case basis.
6. Personal Data of Other Persons
6.1 In the event that You provide personal data of other persons to the Company, You have the following obligations:
(1) to notify such person of the details as specified in this Notice including to request a consent from such person (if data subject’s consent is required);
(2) to perform any necessary actions in order that the Company is able to legally Process such person’s personal data.
6.2 Personal data, include sensitive personal data, of other persons which may be Processed by the Company such as name, surname, date of birth, address, sex, information shown in an identification card or passport, nationality, e-mail address, telephone number, occupation, position, work location, financial documents, relationship with You, online social media contact information.
7. Personal Data of a Minor, Incompetent Person and Quasi-incompetent Person
7.1 In the event that the Company has to obtain a consent for Processing personal data of a minor, incompetent person or quasi-incompetent person, the Company will be able to Process personal data of such person only upon the Company’s receipt of a consent of the holder of parental responsibility over the minor, the custodian or the curator, or the person with authority to give consent in the name of such person in accordance with the personal data protection laws (as the case may be).
7.2 In the event that the Company has to obtain a consent for Processing personal data of a minor, incompetent person or quasi-incompetent person but, at that time of data Processing, the Company is not aware that the data subject is a minor, incompetent person or quasi-incompetent person, and later becomes aware that the Company had Processed the personal data of such person without consent of the person with authority to give consent in the name of such person in accordance with clause 7.1, the Company will erase or destroy the personal data or anonymize the personal data of the data subject which is a minor, incompetent person or quasi-incompetent person to become the anonymous data which cannot identify the data subject except in the event that the Company can Process the personal data of such person by using lawful cause and without consent.
8. Period for Retaining the Personal Data
8.1 The Company will retain Your personal data for a period necessary for achieving the purpose of such personal data Processing unless it is permitted to be retained longer by any law. If it is unable to be clearly identify the period for retaining the personal data, the Company will retain Your personal data for a period that can be anticipated in accordance with the collecting standards, by taking into consideration a business practice for each type of personal data.
8.2 The Company will retain Your personal data collected from the CCTVs for a period as follows:
(1) In general, the Company will retain Your personal data for a period of 1 year from the date the CCTV records Your personal data.
(2) In necessary situation such as using as evidence for inquiry, investigation or legal proceeding or in case of Your request, the Company will retain Your personal data over 1 year from the date the CCTV records Your personal data and the Company will delete or destroy the personal data or turn Your personal data into anonymous data once the Company completes such purposes.
8.3 In the event that the Company Processes Your personal data with Your consent, the Company will Process Your personal data until the Company receives Your withdrawal for such consent and the Company finishes proceeding with Your withdrawal request. However, the Company will still retain Your personal data as necessary to make a record that You used to withdraw such consent in order that the Company will be able to respond to Your request in the future.
9. Disclosure of Personal Data
9.1 The Company may disclose Your personal data to the companies within the group, any person assigned by the Company to be personal data processors and/or personal data protection officers, advisors, financial institutes, financial service providers, auditors, external auditors, credit rating company, partners, business partners, service providers, contractors, sub-contractors who are related to business operations of the Company to the extent that, associated with personal data, partners who are co-branding with the Company, any natural persons and/or juristic persons who have relationship or legal relation with the Company, any persons who are interesting in receiving the assignment of the Company’s rights and obligations, any persons who intend to have a merger transaction with the Company in any manner, any organization related to sustainability index, infirmary and/or rescue forces (in case of emergency for protecting Your benefits), government authorities, regulatory authorities, legal authorities, any persons who request the Company to disclose Your personal data with legal power and/or in compliance with any agreements You are a party thereto and/or any natural persons or juristic persons as necessary, whether inside or outside Thailand, (including staff members, employees, executives, directors, shareholders, agents and advisors of the Company and of the aforesaid recipients) in order that the Company will be able to operate their businesses and provide services to You including to comply with the purposes of personal data Processing as specified in this Notice or other purposes as the Company will additionally inform You or in accordance with Your consent given to the Company on a case-by-case basis and/or to act in compliance with the laws.
9.2 The Company will cause the recipients of Your personal data to have appropriate security measures for protecting Your personal data and to Process Your personal data only to the extent as necessary, and to prevent any use or disclosure of Your personal data by any other persons without lawful authority.
9.3 The Company will cause the recipients of Your personal data to keep such personal data in confidence and not use it for any purposes other than the purposes of personal data Processing under this Notice or other purposes as the Company will additionally inform You or in accordance with Your consent given to the Company on a case-by-case basis and/or to act in compliance with the laws.
10. Sending or Transferring Personal Data to Foreign Countries
In the event that the Company is required to send or transfer Your personal data to any foreign country including to keep Your personal data on any database in any foreign country, the Company will ensure that a transferee or data retention service provider in such destination country has adequate data protection standard to protect the personal data in accordance with those specified in the personal data protection laws of the country of transferer of such personal data (if any). If the transferee or data retention service provider in such destination country has data protection standard to protect the personal data lower than those specified in the personal data protection laws of the country of transferer of such personal data, the Company will perform as appropriate and necessary in order that the personal data transferred to such foreign country will be protected in the same level as the Company protect Your personal data.
11. Security Measures for Personal Data Protection
11.1 The Company will strictly set up the right to access, use, modify, revise or disclose the personal data including to display or confirm the identity of a person who accesses or uses the personal data in compliance with the standards for safeguarding the personal data as specified in the personal data protection laws.
11.2 The Company will set up an appropriate technological procedure to prevent any access to information technology system which collects personal data without permission.
11.3 In the event that the Company discloses Your personal data to any third person, the Company will perform any action to prevent such person from illegal or unauthorized use or disclosure of the personal data so that such person will only use Your personal data as necessary and in accordance with the purposes as the Company notifies You and/or in accordance with Your consent on a case-by-case basis.
11.4 The Company will set up a monitoring system for erasing or destroying personal data from the collecting system once the retention period for such personal data ends or once such personal data is excessive or no longer related to the data processing purposes or upon Your request or withdrawal of consent.
11.5 In the event that there is a violation of the Company’s security measures for personal data which causes an infringement of Your personal data, the Company will, without delay, notify such infringement to a competent authority as specified in the personal data protection laws unless there is no risk that such infringement will affect Your personal rights and freedom. If there is high risk that such infringement will affect Your personal rights and freedom, the Company will, without delay, notify You of such infringement together with remedial guidelines in accordance with the criteria and procedures specified in the personal data protection laws.
11.6 The Company will record any transactions as specified in the personal data protection laws in writing or on electronic system so that the data subject or any authority under the personal data protection laws be able to make an examination thereon.
12. Rights of Data Subject
12.1 You, as a data subject, have the rights to deal with Your personal data which are in the Company’s responsibility in accordance with the personal data protection laws as follows:
(1) to request access to or obtain copy of Your personal data or to request the disclosure of the acquisition of Your personal data without Your consent;
(2) to obtain Your personal data in electronic form or transfer Your personal data to other persons;
(3) to object to the collection, use, or disclosure of Your personal data in accordance with the personal data protection laws;
(4) to erase or destroy Your personal data, or to anonymize Your personal data to become the anonymous data which cannot identify You in accordance with the personal data protection laws;
(5) to restrict the use of Your personal data in accordance with the personal data protection laws;
(6) to revise or modify Your personal data to be accurate, up to date, complete and not misleading;
(7) to withdraw Your consent given to the Company unless there is any restriction for consent withdrawal by laws or any agreement which gives benefits to You;
(8) to complain to any authority if You believe that any dealing with the personal data by the Company is incompliance with the personal data protection laws.
12.2 You can use the right as specified in clause 12.1 by contacting the person specified in clause 14 hereof.
12.3 The Company reserves the right to refuse to perform according to Your request, whether in whole or in part, if the Company has reasonable and lawful reason such as such performance will cause unreasonable burden to the Company, is impracticable, is illegal or the use of such right by You will or may affect other person’s rights or freedom or in the event that the Company has a legal authority to collect Your personal data without Your consent.
13. Privacy Notice or Privacy Policy of other Websites or Applications
In the event that You use the Company’s websites or applications and You clicks any link shown on such websites or applications to enter into other websites or applications, whether such other websites or applications belong to the Company or not, You are required to learn and comply with the Privacy Notice or Privacy Policy of such other websites or applications, and the Company will not be responsible for any contents or data protection standards to protect the personal data of such other websites or applications. Moreover, if You give Your personal data to the owners of other websites or applications, You acknowledge and understand that the Company is not relevant to processing of Your personal data by the owners of such other websites or applications.
14. Details of Personal Data Controller and Personal Data Protection Officer
You can contact the personal data controller and/or personal data protection officer of the Company through the following channels:
PDPA Contact Center
Tel: 02-975-5566 or email: pdpa_info@oishigroup.com
15. Revision of Personal Data Protection Notice
In the event that there is any revision to this Notice, the Company will make an announcement via the Company’s website or application, or other communication channels of the Company and the new Notice will be effective on the date of such announcement.