Date: XXX
Dear XXX,
Nisshinbo Somboon Automotive Co., Ltd. values your privacy and strives to protect your personal data based on Thai law.
You are employed for the role within Nisshinbo Somboon Automotive Co., Ltd. who is the ‘Data Controller’ for the collection, usage, and/or disclosure of your personal data during on-boarding and employment processes.
This privacy notice explains how we look after your personal data:
What kind of personal data do we collect? This includes what you tell us about yourself and what we learn through a recruitment process.
How do we use your personal data?
Who do we disclose the personal data to?
What are the choices we offer? This includes how to access and update your personal data.
What are your privacy rights and how does the law protect you?
1. Collection of personal data
We use many different kinds of the personal data. The type of your data that we collect depends on various circumstances.
We collect the personal data about you from a variety of sources, including but not limited to:
Application forms online or otherwise, CVs or resumes.
The information we have received during the recruitment process.
Identification documents such as ID card, passport, driving license, etc.
The information we have received when you use our systems, tools and websites.
The forms completed by you at the start of or during employment (such as benefit nomination forms); and/or
The correspondences with you through interviews, meetings or other assessments e.g., CCTV, recording equipment, etc.
In some cases, we may collect the personal data about you from third parties, such as the references supplied by the former employers, data from employment background check providers, data from credit reference agencies and data from criminal record.
The categories of personal data about you that we process, subject to the applicable law, including but not limited to:
Personal details: Your name, address, contact details (e.g., email address, telephone number, social media, etc.), date of birth, gender, ID document number and issue/expiry dates, nationality, entitlement to work in Thailand.
Family details: Names and contact details of family members and dependents.
Professional details: The details of your qualifications, skills, experience and employment history.
Transactional details: The details of your bank account, salary, tax payment and benefits (such as pensions or insurance cover).
Contractual details: The terms and conditions of your employment
The details of working days and hours, and attendance at work
The details of periods of leave taken by you, including holiday, sickness absence, family leave, compassionate leave and leave without pay, and reasons for the leaves
The details of any disciplinary or grievance procedures in which you have been involved during the employment with us, including any warnings issued to you and related correspondences
The assessments of your performance, including appraisals, performance reviews, ratings, trainings you have participated in, performance improvement plans and related correspondences
The details of your personal shares/equity holdings and trading activities
Sensitive personal data:
Racial or ethnic origin.
Religious, philosophical, and political beliefs.
Health/medical/biological data.
Criminal record.
Labour union membership.
Security protection personal data:
CCTV Images.
2. Use of your personal data
We may collect and use your personal data only if we have proper reasons to do so.
This includes sharing it outside Nisshinbo Somboon Automotive Co., Ltd.
We will rely on one or more of the following reasons when processing personal data:
When it is to fulfill your contract of employment or another contract we have with you.
When it is vital to yourself.
When it is our legal duty.
When it is in our legitimate interest; or
When you consent to it.
The law and other regulations treat the sensitive personal data more stringently. We will not collect, use and/or disclose this type of personal data without your consent unless the law allows us to do so. If we do, it will only be when it is necessary:
for the reasons of vital interest.
for the reasons of substantial public interests.
for employment purposes.
for the detection and prevention of fraud and crime; or
for establishing, exercising and/or defending legal claims.
The purposes for which we may process your personal data, subject to the applicable law, and the legal basis on which we may perform such processing, are:
Fulfilment of contract
• To manage the recruitment process
• To pay you in accordance with the employment contract
• To administer the benefits, pension and insurance entitlement
Our legal duties
• To check your entitlement to work in Thailand
• To deduct tax
• To comply with health and safety laws
• To enable you to take the periods of leave to which they are entitled
Your consents
• Equal opportunities monitoring: ethnic origin, health, religion and/or belief
• To carry out the criminal record checks to ensure that you are permitted to undertake the role in question
Our legitimate interests
• To run the recruitment and promotion processes
• To maintain accurate and up-to-date employment records, contact details (including the details of who to contact in the event of emergency) and records of employee contractual and statutory rights
• To operate and keep a record of disciplinary and grievance processes, and to ensure an acceptable conduct within the workplace
• To operate and keep a record of employee performance and related processes, and plan for a career development, and workforce management
• To operate and keep a record of absence and absence management procedures, to allow an effective workforce management, and to ensure that you receive the pay or other benefits to which you are entitled to
• To obtain an occupational health advice, to ensure that it complies with the duties in relation to individuals with disabilities, to meet its obligations under health and safety laws, and to ensure that you receive the pay or other benefits to which you are entitled to
• To operate and keep a record of other types of leaves (including maternity, paternity, adoption, parental and shared parental leave), to allow the effective workforce management, to ensure that we comply with the duties in relation to leave entitlement, and to ensure that you receive the pay or other benefits to which you are entitled to
• To ensure an effective general HR and business administration
• To manage trainings and development
• To ensure a security of promises, data and technology
• To provide references on request for current or former employees
• To respond to and defend against legal claims
• To maintain and promote an equality in the workplace
When we rely on the legitimate interests as the reason for processing the personal data, it has considered whether or not your rights are overridden by our interests and has concluded that they are not.
3. Disclosure of personal data
We may share your personal data with others where it is lawful to do so, including where we or they:
need to provide you with the requirement under the employee contract (e.g., fulfil a payment request, etc.)
have a public or legal duty to do so (e.g., assist in an employee tax deduction, criminal and mental/health check, etc.)
need to in connection with a regulatory reporting (e.g., to Labour office, etc.), litigation, asserting or defending legal rights and interests.
have legitimate business reasons to do so (e.g., manage risk, internal report, assess data analysis, performance management, etc.); and/or
ask for your permission to share it, and you agree.
We may share your personal data for these purposes with others, including:
internal units, including HR, your line manager, managers in the business area in which you work and IT staff if the access to the personal data is necessary for the performance of their roles.
any sub-contractors, agents or service providers who work for us or provide the services related to the employee contract fulfillment to us in connection with a payroll, provision of benefits (including pensions, medical insurance, death in service scheme, travel insurance, etc.) and provision of occupational health services, this is including their sub-contractors, service providers, directors and officers.
third parties in order to obtain employment background checks and necessary criminal record checks; and/or
third parties in the context of sale of some or all of our business.
Personal data overseas transfer
Your personal data may be transferred to and stored/processed in other countries.
Such countries may not have the same level of protection for the personal data. When we do this, we will ensure it has an appropriate level of protection and that the transfer is lawful. We may need to transfer the personal data in this way to carry out our contract with you, fulfill the legal obligations, protect the public interests and/or for our legitimate interests. In some countries, the law might compel us to share certain personal data (e.g., with tax authorities). Even in these cases, we will only share personal data with people who have the right to see it.
4. Retention of personal data
We collect your personal data for as long as it is necessary to carry out the purpose for which it was collected i.e., for the recruitment, employment and legal reasons, or compliance with the applicable laws.
We will hold your personal data for the duration of your employment plus 10 years, unless otherwise in the event of regulatory or technical reasons, we may keep your personal data for longer than 10 years. If we do not need to retain the personal data for longer than it is legally necessary, we will destroy, delete or anonymize it.
5. Accuracy of your personal data
We need your help to ensure that your personal data is current, complete and accurate. Please inform us of any changes to your personal data by contacting HR representative at XXX or updating your information at/via XXX.
We will occasionally request the updates from you to ensure the personal data we use to fulfil the purposes of collection, use and/or disclosure are current, accurate and complete.
6. Your rights
Right to withdraw: This enables you to withdraw your consent to our processing of your personal data, which you can do at any time. We may continue to process your personal data if we have another legitimate reason to do so.
Right to access: This enables you to receive a copy of personal data we hold about you and to check that we are lawfully processing it.
Right to correct: This enables you to have any incomplete or inaccurate information we hold about you corrected.
Right to erasure: This enables you to ask us to delete or remove your personal data where there is no good reason for us to continue processing it.
Right to object: This enables you to object to the processing of your personal data where we are relying on the legitimate interest and there is something about your particular situation which makes you want to object to the processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
Right to restrict processing: This enables you to ask us to suspend the processing of personal data about you, for example, if you want us to establish its accuracy or the reason for processing it; and
Right to portability: Request the transfer of your personal data to another party.
Handling of complaints
In the event that you wish to make the complaint about how we process your personal data, please contact us and we will try to consider your request as soon as possible. This does not prejudice your right to file the complaint with a government authority that has a data protection authority.
7. Security of your personal data
Information is our asset and therefore we place a great importance on ensuring the security of your personal data. We regularly review and implement up-to-date physical, technical and organizational security measures when processing your personal data. We have internal policies and controls in place to ensure that your personal data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the performance of their duties.
8. Your responsibilities
You are responsible for making sure that the personal data you give us or provided on your behalf, is accurate and up to date, and you must tell us as soon as possible if there are any updates.
You have some responsibilities under your employment contract to provide us with the personal data. In particular, you are required to report absences from work and may be required to provide the data about disciplinary or other matters honestly. You may also have to provide us with the personal data in order to exercise your statutory rights, such as in relation to statutory leave entitlements. Failing to provide the personal data may mean that you are unable to exercise your statutory rights.
Certain personal data, such as contact details, your right to work in Thailand and payment details, have to be provided to enable us to enter into the contract of employment with you. If you do not provide other personal data, this will hinder our ability to administer the rights and obligations arising as a result of employment relationship efficiently.
9. Contact us
Please contact us at XXX, email us at XXX, or call us at XXX if you have any questions in regards to the protection of your personal data or if you wish to exercise your rights.
10. Revision of our privacy notice
We keep our privacy notice under a regular review and thus the privacy notice may be subject to changes. The date of last revision of privacy notice can be found on the top of page.
Acknowledgement of privacy notice:
By signing below, I, XXX, have read and understood this privacy notice, and have acknowledged the presence of this privacy notice.
____________________
XXX