Search
VENDER PRIVACY POLICY
EASY BUY PUBLIC COMPANY LIMITED
[Latest updated : June 6th, 2023]
1. Purpose and Scope of the Privacy Policy
- This Privacy Policy applies to all venders (hereinafter referred to as "You") of Easy Buy Public Company Limited (hereinafter referred to as "Company"). In this regard, the company mainly acts as the data controller under the Personal Data Protection Act B.E.2562. Therefore, the company is committed to collect and process vender’s personal data in accordance with the purposes and scope of the company as specified herein this Privacy Policy.
Data Controller Contact Information |
Data Protection Officer (DPO) Contact Information |
|---|---|
EASY BUY Public Company Limited |
Email : contactpdpa-dpo@easybuy.co.th |
- This Privacy Policy covers data subjects who are company’s vender, including Suppliers, Service Providers and Outsource Staffs.
As used in this Privacy Policy, the following terms shall have the meanings set forth below:
- “Processing” means anything done with vender’s personal data, including collection, storage, use, disclosure and deletion of personal data.
- “Legal Bases” means justifiable reasons to process personal data in accordance with Article 24 and Article 26 of the Personal Data Protection Act B.E.2562.
- “Personal Data” means data relating to the person that can directly or indirectly identify person but not including data of deceased persons such as name-surname, telephone number, address, e-mail, Identification Number, etc.
- “Sensitive Personal Data” means personal data that specially categorized by law such as nationality, political opinion, religious or philosophy belief, sexual behavior, criminal record, health information, disability, Union information, Genetic information, Biometric information or other similar data which prescribed by law that company must proceed with extra care.
- This Privacy Policy may be revised at any given time and the company may notify you through appropriate channels.
2. Personal Data Processed
- The company collects the following categories of your personal data;
• identity data including, but not limited to, full name, nickname, ID card number, tax identification number, picture, and signature;
• profile data including but not limited to Nationality;
• address/contact data including, but not limited to, office address, phone number, ID Address, office phone number and email address;
• employment data including, but not limited to, company name;
• financial data including, but not limited to, bank account number;
• property data including, but not limited to, car registration number;
• evidence including, but not limited to, copy of ID card.
3. How the Company Collect Your Personal Data
- In general, the company will directly collect your personal data through these processes (or channels) including, but not limited to;
• discussion with you in person, or via email and/or fax;
• during agreement arrangement
• purchase system and/or application integration
• supplier registration and payment process.
• webform; and
• paper format and electronic file.
However, the company may collect additional personal data through third-party organizations which include;
• vendor, such as Summit Queen, HP, IBM, SITEM, STREAM, IRON Mountain, and Speed Horse; and
• ervice providers, such as Dept Collection, Bank, GFC, and BRINK; and
• government agency, such as court and police officer.
4. How the Company Process Your Personal Data
- The company will collect, use, and disclose your personal data based on the following, but not limited to, legal bases, such as legal obligation, contractual obligation, and legitimate interest (depending on the circumstances) for the following, but not limited to, purposes.
- 4.1 To carry out various processes before entering into a contract, such as vender registration, consideration of the qualifications of vender, preparation of information prior to entering the procurement process, such as tracing and establishing median prices, identifying the names and details of trading venders, buying or receiving an auction listening to clarifications, presentations related to procurement work (as the case may be) price negotiations, announcement of winners, invitation to bid, bid, authority review, authorization and authorization to submit bid documents of bidders and considering the qualifications of the bidders.
- 4.2 For the necessity of transactions between trading vender and company such as identity verification, power check Delegation and Delegation including to be used as evidence for related transactions, implementation of company's rules, regulations and internal processes, consideration, preparation and signing of commercial contracts, compliance with employment contracts, service contracts, other commercial contracts and related agreements or cooperation between company and company’s counterparties, including the process of requesting and considering related documents that may contain personal information of the Company's directors who are third parties or representatives from government agencies.
- 4.3 For compliance with laws related to transactions between vender and company, such as Tax law.
- 4.4 For business communication, such as contacting or meeting regarding products, services, and other company projects or projects related to the company, as well as recording details of such contacts.
- 4.5 For the purpose of resolving disputes, such as settling a dispute, enforcing contractual obligations, and asserting legal rights and claims, including the power of attorney.
- The following are the groups of activities in which the company utilizes your personal data to carry out all activities in accordance with the aforementioned purposes:
Group of Activities |
Group of PIIs |
Legal Bases |
|---|---|---|
Contract Obligation |
• Identity Data |
• Contract |
System Maintenance |
• Identity Data |
• Contract |
Operations with outside agency |
• Identity Data |
• Legitimate interest |
Updating Data |
• Identity Data |
• Contract |
Backup Data |
• Identity Data |
• Legitimate interest |
Withholding Tax |
• Identity Data |
• Legal Obligation |
Expenses Reimbursement |
• Identity Data |
• Legal Obligation |
Debt Settlement |
• Identity Data |
• Contract |
Signing Contract |
• Identity Data |
• Contract |
Product and Commission fee Payment |
• Identity Data |
• Contract |
Work Area Control |
• Identity Data |
• Legitimate Interest |
Supplier Registration |
• Identity Data |
• Contract |
Recruiting and Selecting |
• Identity Data |
• Contract |
Internal Control |
• Identity Data |
• Contract |
Vendor/Supplier Payment |
• Identity Data |
• Contract |
New and Renew Contract |
• Identity Data |
• Contract |
Petty Cash Payment |
• Identity Data |
• Contract |
Price Comparison |
• Identity Data |
• Contract |
Purchase order |
• Identity Data |
• Contract |
Donation and Sponsorship |
• Identity Data |
• Legitimate Interest |
Record of gifts and reception |
• Identity Data |
• Legitimate Interest |
Legal Documentation Process |
• Identity Data |
• Contract |
Legal opinion |
• Identity Data |
• Legitimate Interest |
Litigation |
• Identity Data |
• Legitimate Interest |
- The company will process your personal data according to the stated purposes and scope. If there came upon a case where personal data were to be processed for other purposes, and it is unlikely to rely on stated purpose, through this policy, the company will provide additional information about the processing's purpose and legal basis.
5. Usage of Personal Data with Third-Party Organizations
- The company may be required to disclose and/or transfer your personal data to third-party organizations, in order for such organizations to process personal data in accordance with agreements and/or legal obligations with the company. These organizations may include;
- • Vendor/Supplier, such as The Mall, BIG C, True, Power Buy, Siam TV, Summit Queen, IRON Mountain, Airlines, Van and Bus, and APT enterprise; and
• Service Providers, such as Krungsri Bank, KPMG, Deloitte, Rasa Ventures Co., Ltd., Jones Lang Lasalle Management Co., Ltd., Secom, GFC, and BRINK; and
• Government sector, such as court and prosecutor.
For the cases where personal data are being disclosed and/or transferred to third-party organizations, the company will ensure that the minimum amount of personal data are being disclosed and/or transferred, and consider anonymization and pseudonymization techniques for greater security. Nevertheless, the third-party organizations who will process your personal data for the company will be required to have in place appropriate privacy policy. Further, the company does not permit these third-party organizations to use the vender personal data in a way that diverge from the agreed scope and purposes.
6. Transferring of Personal Data to Foreign Countries
- The Company will transfer your personal data cross-border only when any of these requirements has been met. The requirements include;
• The receiving foreign country has a comprehensive personal data regulation in place;
• The receiving organization has a comprehensive privacy policy in place and certified by the Office of the Personal Data Protection Commission;
• If the destination country has insufficient standards of Personal Data protection, we shall ensure that Personal Data will be sent or transferred in accordance with law and shall set standards of Personal Data protection as deemed necessary, and appropriate for and consistent with the confidentiality standards. For instance, an agreement must be entered into with the data recipient in that country to ensure that your Personal Data will be protected under the Personal Data protection standards equivalent to that in Thailand
• a pre-requisite to the exercise of legal rights;
• Consent has been obtained from the data subject who is well-aware of the inadequate personal data protection standards of the receiving countries or international organizations;
• Requirement for the execution of an agreement to which you are a party of, or the fulfillment of a request you made prior to entering into the agreement;
• A necessary task to carry out under a contractual agreement between the company and other persons or entities for the benefits of the data subject;
• To ensure the safety or limit further damage to an individual’s health who cannot give consent at the current time; and
• A necessary task for the good of the public.
7. Security Measures for Personal Data Protection
- The Company has implemented certain security measures to ensure the security of your personal data. In this connection, third-party organizations are required to carry out the processing of personal data in accordance with the company’s security policy, and to ensure the security of your personal data
8. Period for Retention of Personal Data Storage
- Unless there is a legal right or a litigation in progress, the company will continue to collect your personal data as long as the legally specified basis and the company's purpose to process such data remain in place. If your personal data is no longer required by the company to process, the company will either permanently delete all of your personal data from the company's data source/system or anonymize your data so that the company cannot identify you from it.
9. Your Rights
- Your personal data rights include:
- • Right to revoke consent – for the case where the company has obtained your consent in order to process your personal data;
• Right of access – you have the right to request a copy of all your personal data and assess if the company is processing your personal data in accordance with relevant laws;
• Right to data portability – for the case where the company has in place an automated platform allowing you to access your personal data automatically:
o you have the right to ask for your personal data to be transferred automatically to other organizations and
o you have the right to request for your personal data in such format that the company has transferred personal data to other organizations, except for the case where there is a technological limitation;
• Right to object – you have the right to object to any data processing activity of your personal data which has been relied on certain legal bases and processing purposes, including: - o public task or legitimate interest
- o direct marketing purposes and
- o scientific, historical or statistic research purposes, unless the processing is necessary for public task;
- • Right to erasure – you have the right to request for data deletion or anonymization, in accordance to the following cases:
- o where processing required terms become expired
- o where consent has been withheld, and we cannot rely on other legal based to process your personal data
- o where there is objection raised against processing activity and
- o where processing activity is not in accordance with relevant laws.
- • Right to restrict processing – you have the right to restrict any data processing activity in accordance with the following cases:
- o during pending examination process
- o for cases related to personal data which initially shall be deleted and/or destroyed, but was followed by an additional request of processing restriction instead
- o for cases where the data processing terms have passed, but you have requested for processing restriction due to legal reasons and
- o during the process of data processing objection verification; and
- • Right to rectification – you have the right to edit your personal data to be correct and concurrent to the present. If any mistake was detected, the company has no right to edit it by our own.
Kindly be informed that the company may not be able to carry out and support the exercise of your rights in particular circumstances, including but not limited to those involving legal proceedings or contractual obligation. Please be aware that the company keeps track of all inquiries to guarantee that all concerns are resolved.
In the case where you have the intention to exercise your personal data protection rights, or to file complaint against your personal data processing, please contact company’s DPO (contact details have been provided above).
The Company will advise and process this request in a secure and timely manner.
10. Policy Revision
- This Privacy Policy was last updated on June 6th, 2023, and it applies to all of the Company's venders. The company holds the rights to review and edit this Privacy Policy as the Company see appropriate.
| Web Browser Recommended: Internet Explorer version 10 or later, Mozilla Firefox, Safari, Google Chrome |