ภาษาไทย
Personal Data Protection Notice (Show/Hide Menu)
- Personal Data Protection Notice for Customers and Activities Participants
- Personal Data Protection Notice for Partners and Business Partners
- Personal Data Protection Notice for Shareholders, Investors and Potential Investors
- Personal Data Protection Notice for the Company's Visitors, Workplace Building Visitors and CCTV
- Personal Data Protection Notice for the Company’s Directors
- Personal Data Protection Notice for Training Activities, Seminars, Community Service Activities or Other Activities
- Notice regarding the Processing of the Personal Data You Provided to the Company before the Effective Date of the Personal Data Protection Act
- Personal Data Protection Notice for Employees
- Notice regarding the Processing of the Personal Data
- Use of Cookies Notice
Personal Data Protection Notice for Employees
We, Oishi Group Public Company Limited , (the “Company”) recognize and respect the privacy and the protection of personaldata of employees (collectively “You”). The Companies put in place this PersonalData Protection Notice, in order to notify You of the details related to a collection,use and disclosure of Your Personal Data (collectively the “Process”) in accordancewith the personal data protection laws.
1. Purposes of processing the Personal Data
1.1 The Companies will Process Your personal data for the following purposes:
| Purposes | Lawful Basis | |
| (1) | Preparing employment contracts or agreements, performing obligations according to employment contracts, making payments of Your remunerations orother benefits. | Contractual |
| (2) | Compliance with rules and regulations relating to human resource management, company’s code of conduct, assignment of works, transfer of employees,change of employers, sending employees to work inother companies and/or organizations (Secondment),training, evaluation of employee’s performance,consideration of position and remuneration | Contractual Legitimate Interests |
| (3) | Performing according to Your request of medical expense and reviewing requests for medical expenses. | Contractual Consent |
| (4) | Managing of human resource such as the analysis study and allocation of manpower, employees’ development,provision of medical , insurance and others welfare of employees, operationforemployee’s activities, financial and budget management, internal correspondence,external correspondence, any operation relating to the registration process, authorization process, preparationof certificates, documents for publication and reports, identification and verification of the accuracy of information received from employees, analysis and preparation of databases of work experiences, contact information, information transmission, public relations, improvement of working environments, provision of facilities, monitor and control the efficiency of work system of employees and care for employees after a termination of employment, etc. | Contractual Legitimate Interests |
| (5) | Safeguarding Information Security, creating user account,identifying user for accessing work systems and information systems. | Legitimate Interests |
| (6) | Using as information and supporting documents for any proceeding with banks, financial institutions, the Department of Business Development, the Revenue Department, the Excise Department, the Stock Exchange of Thailand, the Office of Securities and Exchange Commission and other relevant external organizations. | Legitimate Interests |
| (7) | Publicizing information through relevant channels such as internal email of the Companies, the Companies’ website, Facebook, LINE, YouTube or other online media of the Companies or other media such as television, publication, etc. | Legitimate Interests Consent |
| (8) | Business planning, reporting, and anticipating, managing of risk, auditing including an internal auditing by the internal audit department and an internal management within the organization, including for the benefit of internal operations within the Companies in relation to the disbursement of payment of the accounting and finance department. | Legitimate Interests |
| (9) | Proceedings in relation to the assignment of any right, duty and benefit such as merger and acquisition,separation or business transfer which has been lawfully conducted. | Legitimate Interests |
| (10) | Communicating and providing benefits to employees both while they are the Companies’ employees and after their termination of employment. | Legitimate Interests |
| (11) | Investigating and inquiring of a complaint within an organization, preventing of corruption considering of discipline pursuant to rules, regulations, work regulations, providing security, preventing accidents and criminal activities, monitoring and inspecting the Companies’ assets or any other legal proceeding including the inspection and management of complaints and allegations in relation to the operations of the Companiesor anyrelated person to ensuretransparency and equality for all parties. | Legitimate Interests |
| (12) | Compliance with relevant laws such as labor protection law, labor relations law, social security law, workmen’s compensation law, provident fund law, empowerment of persons with disabilities law, safety, occupational health, and environment at work law, establishment of labour courts and labour court procedure law, control of occupational diseases and environmental diseases law, communicable diseases law, tax law and laws related to insurance and life insurance, etc. | Legal Obligation |
| (13) | Compliance with laws concerning public interest in respect of public health such as health protection against dangerous communicable disease or epidemic which may be contagious or spread into the kingdom. | Legal Obligation |
| (14) | Managing Your hygiene and safety. | Preventing or suppressing danger to a person's life, body or health (Vital Interests) |
1.2 In the event that the Companies will Process Your personal data forany purpose other than the above purposes, The Companies may collect your additional personal data by notifying you and requesting Your consent from timeto time (as the case may be).
2. Personal Data to be Collected
In general, the Companies will collect Your personal data by directly queryingyou or requesting the data from you; however, there may be some circumstances that the Companies may collect Your personal data from other sources such as government authorities or other sources where Your personal data are clearly and publicly disclosed including the personal data disclosed via social media, etc., in such case the Companies will choose to collect only the information you choose to be publicly available. In this regard, the type of Your personal data which will be Processed by the Companies will be as follows:
2.1 Information and documents related to employee recruitment provided by You to the Companies such as resume, Curriculum Vitae (CV), job application documents, annotations for employee recruitment, etc.
;2.2 Your personal information such as name, surname, gender, date of birth, weight, height, identification card number or passport number, blood type, religion and marital status, interests, opinions, etc.
2.3 Contact information such as address, e-mail address, telephone number, Line ID, online social media contact information.
2.4 Working conditions such as Your ability to work in other provinces or countries Your preferred working location.
2.5 Information about/of Your spouse, children, father and mother such as name, surname, identification card number or passport, date of birth, nationality, blood type, education, address, telephone number.
2.6 Information about family members or persons in the Employees’ custody who are eligible to receive benefits in accordance with the Companies’ rules and regulations on human capital management such as beneficiaries, etc. Pleasenotify such persons of the details as specified in this Notice prior to providing the aforementioned information to the Companies.
2.7 Photographs, motion pictures and recording visual and/or audio from closed-circuit television cameras; (“CCTV”) whereby the Companies will post a sign indicating that CCTV is being used in the area under the Companies’ responsibility.
2.8 Information about Your education, capability, competency development, and other qualifications such as level of education, educational institution/university, educational background, training records, educational results, test results, right to work legally, professional qualifications, language abilities, other capabilities, and any information from references provided by You to the Companies, etc.
2.9 Information about Your work experience, working history prior to and after being employed within the Companies as follows:
(1) pre-employment information, such as information about the position, responsibility, remuneration, benefits You received from Your past employers, Your past employers’ details (e.g. working locations, phone number, etc.);
(2) employment information after being employed within the Companies, such as information about the position, responsibility, remuneration, benefits You received from the Companies, department, working location, from the date You start working for the Companies until now, etc.;
2.10 Information about military status.
2.11 Information about reference persons and contact person in case of emergency. Please notify such persons of details as specified in this Notice prior to providing the aforementioned information to the Companies.
2.12 Information about Your characteristics such as habits, behaviors, attitudes, aptitude, skills, leadership, teamwork, and emotional intelligence, corporate commitment, etc. This information may be collected from observation and analysis by the Companies, Your supervisors, subordinates, colleagues while You perform Your duties or participate in the Companies’ activities.
2.13 Information necessary for reporting to regulatory agencies such as the Ministry of Labor, the Stock Exchange of Thailand, the Securities and Exchange Commission (SEC), Thai Institute of Directors Association (IOD), Singapore Exchange (SGX), etc.
2.14 Financial information such as information about wage, salary, income, tax, provident fund, bank account, loans, tax exemptions or deductions, etc.
2.15 Information relating to social security, compensation, labor protection, labor relations, privilege, welfare, and benefits that You receive or are entitled to receive in accordance with the Companies’ rules and regulations on human capital management.
2.16 Recordsof attendance and working duration, overtime working,whether on a normal working day or on holiday, working on holiday, absence and leave, place of work.
2.17 Information on usage and access to information technology systems, computers, work systems, websites, applications, network systems, electronic devices, e-mail system, to comply with the information technology security policy, including rules, regulations and measures for the use of information technology systems of the Companies and related laws which include user account, password, Personal Identification Number (PIN), information about the electronic devices You use, such as the reference number of the electronic device (IP Address), location data or other device identifier, the type and version of the browser You use, including the type and version of the plug-in of the browser and time zone setting.
2.18 Information collected from Your participation with the Companies such as activities participation and surveys and assessments response, etc.
2.19 Information You choose to share and disclose through the Companies’ systems, applications, tools, questionnaires, assessment forms, and other documents.
2.20 Copy of documents that can be used to identify Your identity such as an identification card, passport, other documents issued by government agencies, etc.
2.21 Copy of work permits or relevant professional licenses (if any), and educational documents.
2.22 Information about Your vehicles (such as vehicle registration number, brand, color), driver’s license, car and/or motorcycle registration document, driving ability, and, in case of a vehicle provided by the Companies to You, we will also collect information about your driving behavior.
2.23 Other information necessary for investigating conflicts of interest, such as information regarding stock holding and Your relationship with Partners, Business Partners and/or natural persons or juristic persons who are connected persons and/or competitors of the Companies.
2.24 Information about accidents whether the accidents are occurred during working hours or not, or the cause of the accidents are related to work or not, and other accidents.
2.25 Other information necessary for compliance with Your employment contract, provision of welfare and benefits, the Companies’ analysis and administration, taking care of Employees after they no longer be the Companies’ employees, and compliance with applicable laws.
2.26 Information regarding whistleblowing, investigation, complaints, and disciplinary actions.
2.27 Information regarding the screening according to epidemic prevention. However, the aforementioned collected personal data is necessary for the Companies, if You decline to provide the Companies with the Personal Data that is required for compliance with the laws or the contracts or entering into a contract with the Companies, this may cause obligations of the Companies under the contracts and Your rights to access to benefits or services provided by the Companies to its Employees cannot be completely performed. (as the case may be)
3. Sensitive Personal Data
3.1 The Companies may have to Process Sensitive Personal Data in accordance with the personal data protection laws for the purposes as notified by the Companies according to this Notice or any other purposes as the Companies additionally notify You or as per Your consent provided to the Companies on a case-by-case basis.
3.2 The Companies may have to Process Your Sensitive Personal Data as follows:
(1) health information such as weight, height, personal congenital disease, examination results, blood group, doctor's certificate, prescription history, medical bills for the purposes of labor protection and provision of benefits related to medical care for Employees, working ability assessment, compliance with relevant laws, in order to study and analyse Employees’ health information for appropriate management, etc.;
(2) biometric data such as fingerprint and facial model simulation in order to identify and verify Your identity, to prevent crime, to prevent the spread of contagious diseases and safeguard legitimate interests of the Companiesor other persons, etc.;
(3) information about criminal records for considering Your suitability to work with and safeguard legitimate interests of the Companies or other persons. The Companies will collect such information from the evidence provided by You or, with Your consent, verification with a relevant authority. The Companies will provide security measures to protect such information as required by laws;
(4) race, disability, trade union information for providing suitable facilities, activities and welfares to Employees including for managing Employees’ well-being equally and fairly in accordance with the human rights principles;
(5) other Sensitive Personal Data due to legitimate purposes, such as for protecting or restraining any danger to any person’s life, body or health, such Sensitive Personal Data is in public domain by Your express consent, for exercising legal claims, for achieving the objectives related to labor protection, social security, compensation and Employees’ welfare, etc.
3.3 The Companies will request for Your express consent on a case-by-case basis for Processing Your Sensitive Personal Data and will provide adequate security measures to protect Your Sensitive Personal Data.
4. Cookies
In the event that You access any electronic device of the Companies such as applications, websites, information technology and cyber system, etc., the Companies use cookies for collecting Personal Data as specified in the Cookies Notice.
5. Withdrawal of Consent and Effect thereof
5.1 In the event that the Companies Process Personal Data with Your consent, You have the right to, at any time, withdraw Your consent given to the Companies. Such withdrawal will not affect any Process of Personal Data performed by the Companies prior to the withdrawal of Your consent.
5.2 Your withdrawal of consent given to the Companiesor refusal to provide certain information may result in the Companies being unable to meet all or certain purposes of the Companies as notified in this Notice or other purposes as the Companies additionally notify You or as per Your consent provided to the Companies on a case-by-case basis.
6. Personal Data of Other Persons
6.1 In the event that You provide Personal Data of other persons to the Companies, You have the following obligations:
(1) to notify such person of the details as specified in this Notice including to request a consent from such person (if Data Subject’s consent is required);
(2) to perform any necessary actions in order that the Companies are able to legally Process such person’s Personal Data.
6.2 Personal Data of other persons which may be processed by the Companies include Sensitive Personal Data such as name, surname, date of birth, address, sex, information shown in an identification card or passport, nationality, e-mail address, telephone number, occupation, position, work location, financial documents, relationship with You, online social media contact information.
7. Personal Data of a Minor, Incompetent Person and Quasi-incompetent Person
7.1 In the event that the Companieshaveto obtain a consent for Processing Personal Data of a minor, incompetent person or quasi-incompetent person, the Companies will be able to process Personal Data of such person only upon the Companies’ receipt of a consent of the holder of parental responsibility over the child, the custodian or the curator, or the person with authority to give consent in the name of such person in accordance with the personal data protection laws (as the case may be).
7.2 In the event that the Companieshaveto obtaina consent for Processing Personal Data of a minor, incompetent person or quasi-incompetent person but, at that time of data processing, the Companies are not aware that the Data Subject is a minor, incompetent person or quasi-incompetent person, and later becomes aware that the Companieshad Processed the Personal Data of such person without consent of the person with authority to give consent in the name of such person in accordance with clause 8.1, the Companies will erase or destroy the Personal Data or anonymize the Personal Data of the Data Subject which is a minor, incompetent person or quasi-incompetent personto become the anonymous data which cannot identify the Data Subject except in the event that the Companies can Process the Personal Data of such person by using lawful cause and without consent.
8. Period for Retaining the Personal Data
8.1 The Companies will retain Your Personal Data for a period necessary for achieving the purpose of such Personal Data Processing unless it is permitted to be retained longer by any law. If it is unable to be clearly identify the period for retaining the Personal Data, the Companies will retain Your Personal Data for a period that can be anticipated in accordance with the collecting standards, by taking into consideration a business practice for each type of Personal Data.
8.2 The Companies will retain Your Personal Data throughout the duration of Your employment within the Companies for compliance with the contract and will continue retain it for the necessary period after You no longer be the Companies’ employee.
8.3 The Companies will retain Personal Data of Your family members or persons in Your custody for a period necessary for achieving the purpose of this Notice, especially, for responding to Your right to receive benefits in accordance with the Companies’ rules and regulations on human capital management.
8.4 The Companies will retain Your Personal Data receiving from records of the CCTV for a period as follows:
(1) in normal circumstance, the Companies will retain Your Personal Data for 1 year starting from the date the CCTV making such record:
(2) in necessary circumstance such as using as evidence for an investigation, inquiry or trial or as requested by You, the Companies will retain Your Personal Data for more than 1 year starting from the date the CCTV making such record and the Companies will erase or destroy the Personal Data or anonymize Your Personal Data to become the anonymous data which cannot identify You once the performance for such purpose is completely finished.
8.5 In the event that the Companies Process Your Personal Data with Your consent, the Companies will Process Your Personal Data until the Companies receive Your withdrawal for such consent and the Companies finish proceeding with Your withdrawal request. However, the Companies will still retain Your Personal Data as necessary to make a record that You used to withdraw such consent in order that the Companies will be able to respond to Your request in the future.
9. Disclosure of Personal Data
9.1 The Companies may disclose Your Personal Data to the Companies, any person assigned by the Companies to be personal data processors and/or personal data protection officers, advisors, financial institutes, financial service providers, auditors, external auditors, credit rating companies, Partners, Business Partners, service providers who are related to the process of employee recruitment and selection, employment, security, background check, qualification and ability test, service providers, contractors, sub-contractors who are related to business operations of the Companies to the extent that, associated with Personal Data, partners who are co-branding with the Companies, any natural persons and/or juristic persons who have relationship or legal relation with the Companies, any persons who are interesting in receiving the assignment of the Companies’ rights and obligations, any persons who intend to have a merger transaction with the Companies in any manner, any organization related to sustainability index, infirmary and/or rescue forces (in case of emergency for protecting Your benefits), government authorities, regulatory authorities, legal authorities, any persons who request the Companies to disclose Your Personal Data with legal power and/or in compliance with any agreements You are a party thereto and/or any natural persons or juristic persons as necessary, whether inside or outside Thailand, (including staff members, employees, executives, directors, shareholders, agents and advisors of the Companies and of the aforesaid recipients) in order that the Companies will be able to operate their businesses and provide services to You including to comply with the purposes of Personal Data Processing as specified in this Notice or other purposes as the Companies will additionally inform You or in accordance with Your consent given to the Companies on a case-by-case basis and/or to act in compliance with the laws.
9.2 The Companies will cause the recipients of Your Personal Data to have appropriate security measures for protecting Your Personal Data and to Process Your Personal Data only to the extent as necessary, and to prevent any use or disclosure of Your Personal Data by any other persons without lawful authority.
9.3 The Companies will cause the recipients of Your Personal Data to keep such Personal Data in confidence and not use it for any purposes other than the purposes of Personal Data Processing under this Notice or other purposes as the Companies will additionally inform You or in accordance with Your consent given to the Companies on a case-by-case basis and/or to act in compliance with the laws.
10. Sending or Transferring Personal Data to Foreign Countries
In the event that the Companies are required to send or transfer Your Personal Data to any foreign country including to keep Your Personal Data on any database in any foreign country, the Companies will ensure that a transferee or data retention service provider in such destination country has adequate data protection standard to protect the Personal Data in accordance with those specified in the personal data protection laws of the country of transferer of such Personal Data (if any). If the transferee or data retention service provider in such destination country has data protection standard to protect the Personal Data lower than those specified in the personal data protection laws of the country of transferer of such Personal Data, the Companies will perform as appropriate and necessary in order that the Personal Data transferred to such foreign country will be protected in the same level as the Companies protect Your Personal Data.
11. Security Measures for Personal Data Protection
11.1 The Companies will strictly set up the right to access, use, modify, revise or disclose the Personal Data including to display or confirm the identityof a person who accesses or uses the Personal Data in compliance with the standards for safeguarding the Personal Data as specified in the personal data protection laws.
11.2 The Companies will set up an appropriate technological procedure to prevent any access to information technology system without permission.
11.3 In the event that the Companies disclose Your Personal Data to any third person, the Companies will perform any action to prevent such person from illegal or unauthorized use or disclosure of the Personal Data so that such person will only use Your Personal Data as necessary and in accordance with the purposes as the Companies notify You and/or in accordance with Your consent on a case-by-case basis.
11.4 The Companies will set up a monitoring system for erasing or destroying Personal Data from the collecting system once the retention period for such Personal Data ends or once such Personal Data is excessive or no longer related to the data processing purposes or upon Your request or withdrawal of consent.
11.5 In the event that there is a violation of the Companies’ security measures for Personal Data which causes an infringement of Your Personal Data, the Companies will, without delay, notify such infringement to a competent authority as specified in the personal data protection laws unless there is no risk that such infringement will affect Your personal rights and freedom. If there is high risk that such infringement will affect Your personal rights and freedom, the Companies will, without delay, notify You of such infringement together with remedial guidelines in accordance with the criteria and procedures specified in the personal data protection laws. 11.6 The Companies will record any transactions as specified in the personal data protection laws in writing or on electronic system so that the Data Subject or any authority under the personal data protection laws be able to make an examination thereon.
12. Rights of Data Subject
12.1 You, as a Data Subject, have the rights to deal with Your Personal Data which are in the Companies’ responsibility in accordance with the personal data protection laws as follows:
(1) to request access to or obtain copy of Your Personal Data or to request the disclosure of the acquisition of Your Personal Data obtained without Your consent;
(2) to obtain Your Personal Data in electronic form or transfer Your Personal Data to other persons;
(3) to object to the collection, use, or disclosure of Your Personal Data in accordance with the personal data protection laws;
(4) to erase or destroy Your Personal Data, or to anonymize Your Personal Data to become the anonymous data which cannot identify You in accordance with the personal data protection laws;
(5) to restrict the use of Your Personal Data in accordance with the personal data protection laws;
(6) to revise or modify Your Personal Data to be accurate, up to date, complete and not misleading;
(7) to withdraw Your consent given to the Companies unless there is any restriction for consent withdrawal by laws or any agreement which gives benefits to You;
(8) to complain to any authority if You believe that any dealing with the Personal Data by the Companies is incompliance with the personal data protection laws.
12.2 You can use the right as specified in clause 13.1 by contacting the person specified in clause 15 hereof.
12.3 The Companies reserve the right to refuse to perform according to Your request, whether in whole or in part, if the Companies have reasonable and lawful reason such as such performance will cause unreasonable burden to the Companies, is impracticable, is illegal or the use of such right by You will or may affect other person’s rights or freedom or in the event that the Companies have a legal authority to collect Your Personal Data without your consent.
13. Privacy Notice or Privacy Policy of other Websites or Applications
In the event that You use the Companies’ websites or applications and You clicks any link shown on such websites or applications to enter into other websites or applications, whether such other websites or applications belong to the Companies or not, You agree to read and comply with the Privacy Notice or Privacy Policy of such other websites or applications, and the Companies will not be responsible for any contents or data protection standards to protect the Personal Data of such other websites or applications. Moreover, if You give Your Personal Data to the owners of other websites or applications, You acknowledge and understand that the Companies arenot relevant to processing of Your Personal Data by the owners of such other websites or applications.
14. Details of Data Controller and Personal Data Protection Officer
You can contact the data controller and/or personal data protection officer of the Companies through the following channels:
Helpdesk HC
Telephone: 02-078-5858, E-mail: helpdesk.hc@oishigroup.com
PDPA Contact Center
Tel: 02-975-5566 or email: pdpa_info@oishigroup.com
15. Revision of Personal Data Protection Notice
In the event that there is any revision to this Notice, the Companies will make an announcement via the Companies’ website or application, or other communication channels of the Companies and the new Notice will be effective on the date of such announcement.