บริษัท อีซี่ บาย จำกัด (มหาชน)
EASY BUY PUBLIC COMPANY LIMITED
Search | ภาษาไทย English

PERSONNEL PRIVACY POLICY

EASY BUY PUBLIC COMPANY LIMITED

[Latest updated: December 1st, 2023]

1. Purpose and Scope of the Privacy Policy

  •   This document is a personal data protection policy for personnel (hereinafter referred to as “personnel” or “you”) of EASY BUY Public Company Limited (hereinafter referred to as “Company”). As a personal data controller according to the Personal Data Protection Act B.E. 2562, this Privacy Policy explains that the Company has collected and used your personal data in accordance with the scope and purpose of the Company which are specified in this privacy policy


Data Controller Contact Information

Data Protection Officer (DPO) Contact Information

EASY BUY Public Company Limited
Rasa Two Building, 8 - 11th Floor 1818
Phetchaburi Road, Makkasan, Ratchathewi, Bangkok 10400

Tel: 02-079-0999
Email: pn.center@easybuy.co.th

Email: contactpdpa-dpo@easybuy.co.th


  •   This Privacy Policy covers personal data subjects who are Personnel of Easy Buy, including Employees, Family members, Emergency contacts, Japanese Management, Advisor, Independent Directors, Interns, Part-time and Outsourced Staff.

  •   As used in this Privacy Policy, the following terms shall have the meanings set forth below:

  •   ‘Processing’ means anything operation to the personal information with Easy Buy Personnel’s personal data, including the collection, storage, use, disclosure and deletion.

  •   ‘Legal Bases’ means justifiable reasons to process personal data in accordance with Article 24 and Article 26 of PDPA.

  •   ‘Personal Data’ means information about an individual by which an individual can be identified both of directly or indirectly but does not include information of the person who pass away for example: name, surname, telephone number, address, e-mail address, identity card number, etc.

  •   ‘Sensitive Personal Data’ means personal data that is specifically required by law, such as race political opinion. belief in a cult, religion or philosophy; sexual behavior Criminal records, health information, disability, trade union information Genetic data, biometric data, or any other similar data required by law, which the Company must proceed with special treat.

  •   This policy may be revised at any given time as notified to Personnel’s through appropriate channels.

2. Personal Data do Processed

  •   The Company processes these groups of personal data specified hereunder.
          • Identity Information for example name, surname, nickname, ID number, employee ID, signature, photograph, etc.
          • Contact Information for example social media communication, address, social media accounts, contact details, phone number, email address, emergency contact person, etc.
          • Employment Information for example position, type of employment, last job title, company name, time sheet, working history, performance evaluation, test data, certifying person, work address, job application details, phone number, expected salary, etc.
          • Financial Information for example bank account number, Installment and Student Loan.
          • Profile Information for example Relation, Weight, Date of Birth, Marital Status, references or background checks, marital status, references or background checks, military status, height, gender, age, etc.
          • IT Information for example IP Address
          • Evidence document for example a copy of ID Card, copy of Household Registration,etc.
          • Education information for example Grade Point Average (GPA), Education background, Academic Transcripts, etc.

          Apart from this, Easy Buy may also store and processes sensitive data:
          • Health Information for example Health Insurance Information, Medical History, Health check resulted, etc.
          • Profile Data including for example criminal record, etc.
          • Biometric Data for example Facial Recognition and Fingerprinted, etc.

3. How the Company Collect Your Personal Data

  •   In general, the Company will directly collect Personnel’s’ personal data through these processes (or channels) for example:
          • fill in forms, supporting documents, notebooks or online webform
          • fills in relevant forms through channels, such as, Expense System or ESA Application
          • Fill in the form, document, website
          • Communicate via email.

          However, Company may collect additional data through Third-party Organizations which included:
          • Financial Service for example Government Housing Bank, etc.
          • Service Provider for example Iron Mountain, Paolo Hospital and National Credit Bureau, etc.
          • Training Provider for example Pacrim Group, etc.
          • Government Agency including for example Bank of Thailand, Police Station, Ministry of Finance and Court of Justice, etc.
          • Recruitment Agency, etc.
          • Hospitals such as Pim Medical Clinic, etc.

  • In addition, the Company may collect personal information from third parties who are related to you by you who provide the information to the Company, such as your spouse, children, father, mother, family members. emergency contact person beneficiary Referrals or former employers whose information is used by the Company to manage welfare and benefits for you or to contact in case of emergency or to reference information that is useful to you Please inform this privacy policy.

4. How the Company Process Your Personal Data

  •   The Company may collect, use and disclose your personal information in a variety of ways, including without limitation, for the purpose of fulfilling the following purposes

  •   4.1 Performance of the contract (Contractual Basis) for the performance of the contract that you are a party, whether internship contract, employment contract or any other contract or for use in the processing of your request/application before entering into the contract, as the case may be, by example, the Company will collect, use and disclose information such as:
  •   (1) Written examinations, interviews, including payment of wages or other remuneration; Provision of welfare or any other benefits Time attendance, leave of absence, appointment, transfer, change of position reorganization Performance Assessment and Management.
         (2) Skill development Employee card preparation Employee registration preparation of employee information communication Legal Compliance, Tax Payments, Risk Management Oversight, fraud prevention, disciplinary investigations Complaint Management within the organization and the financial business group and for any other purposes necessary for the employment of such purposes

  •   4.2 Legal Obligation in order to perform duties as required by law. Duties of the Company as an employer or in any other capacity such as Legal Obligation in order to perform duties as required by law. Duties of the Company as an employer or in any other capacity such as
  •   (1) Civil and Commercial Laws, Financial Institution Business Law, Securities and Exchange Law, Insurance law, Labor protection law, Social security law, Compensation law, Labor relations law, Provident fund la, Tax law, Bankruptcy law, Anti-Money Laundering, Laws on the Prevention and Suppression of Terrorism Financing and the Proliferation of weapons of Mass Destruction computer law
           (2) Other necessary laws, including announcements and regulations issued under such laws both in Thailand and abroad.

  •   4.3 Legitimate Interest for the legitimate interest of the Company or other persons or juristic persons to the extent that you can reasonably expect, or for other purposes as permitted by law, such as:
  •   (1) Sound recording still image recording CCTV recording.
           (2) Preparation of meeting minutes broadcast video and audio for meetings recording still images and meeting motion pictures for use as evidence of the meeting Public relations through print and electronic media
           (3) Opinion polls participation in internal activities, announcement of results, parcel delivery, analysis, research, statistics
           (4) Risk management supervision Complaint Management within the organization and the financial business group, prevention, coping, and reduction of risks that may arise from fraud.
           (5) Cyber Threats breaking the law Checking electronic device usage data to improve work efficiency or check operational behavior litigation in court.
           (6) Anonymous Data
           (7) Applicant's information that has not been reviewed and the applicant's reference

  •   4.4 Consent to collect, use and disclose your personal information as necessary, such as
  •   (1) Health information to consider recruiting for work / providing welfare benefits for reimbursement for medical expenses / medical treatment at the hospital / sent to treat blood group disease.
           (2) Biometric data such as facial image data fingerprint mockup palm mockup for the purpose of verifying and verifying your identity for working hours/attending meetings/training seminars/joining activities/entering the building
           (3) Criminal history information for consideration for employment/qualification in the job for which you are responsible.
           (4) recording of still images or movies for the preparation of public relations media for the organization

  •   However, the group of activities in which the Company uses personal information of personnel to carry out all activities in accordance with the above purposes. It can be divided into groups of activities as follows,

Group of Activities

Group of PIIs

Legal Bases

Access Control Management

• Address / Contact Data
• Property Data
• Identity Data
• Employment Data
• Profile Data
• Evidence
• Biometric Data

• Contract
• Consent
• Legitimate Interest

Recruitment Process

• Identity Data
• Address / Contact Data
• Employment Data
• Profile Data
• Education Data
• Evidence
• Health

• Contract
• Consent

Audit Procedures

• Employment Data
• Identity Data
• Family Data
• Education Data
• Address / Contact Data
• Profile Data
• Transaction Data

• Legitimate Interest

Back-up, update database and IT troubleshooting

• Property Data
• Identity Data
• Employment Data
• Address / Contact Data

• Legitimate Interest

Company's Property Management

• Address / Contact Data
• Finance Data
• Identity Data
• Evidence
• Employment Data

• Contract
• Legitimate Interest

Customer Support,
Monitoring and Examination

• Employment Data
• Identity Data
• Transaction Data
• Address / Contact Data
• Profile Data

• Contract
• Legitimate Interest

Reporting and Notification Procedures

• Identity Data
• Employment Data
• Education Data
• Profile Data
• Transaction Data

• Contract
• Legitimate Interest

Documentation Procedures

• Identity Data
• Employment Data
• Profile Data
• Evidence
• Address / Contact Data

• Contract
• Legitimate Interest

Employees Point Activity

• Identity Data
• Employment Data

• Consent

Internal Personnel Record
and Management

• Identity Data
• Address / Contact Data
• Employment Data
• Profile Data
• Finance Data
• Evidence
• Transaction Data
• Biometric Data
• Family Data
• Education Data

• Contract
• Legitimate Interes
• Consent

Issuance and offering

• Employment Data
• Identity Data
• Education Data
• Profile Data

• Legitimate Interes

Litigation, Legal Procedures
and Legal Execution

• IT Data
• Address / Contact Data
• Profile Data
• Identity Data
• Employment Data
• Transaction Data
• Evidence
• Finance Data
• Family Data

• Contract
• Legitimate Interes
• Legal Obligation

Personnel Training
and Personnel Assessment

• Identity Data
• Finance Data
• Transaction Data
• Profile Data
• Address / Contact Data
• Employment Data

• Contract
• Legitimate Interes
• Legal Obligation

Personnel’s Financial Procedures

• Address / Contact Data
• Identity Data
• Employment Data
• Profile Data

• Contract
• Legitimate Interes

Personnel’s' Welfare Protection

• Finance Data
• Identity Data
• Transaction Data
• Employment Data
• Address / Contact Data
• Profile Data
• Evidence
• Health Data
• Family Data

• Contract
• Legitimate Interes
• Legal Obligation
• Consent

Social Security and Work Permit

• Finance Data
• Identity Data
• Employment Data
• Family Data
• Profile Data
• Address / Contact Data
• Evidence
• Health Data

• Legal Obligation

Tax filing, Payroll and Promotion

• Finance Data
• Identity Data
• Employment Data
• Address / Contact Data
• Profile Data
• Transaction Data
• Evidence

• Contract
• Legal Obligation

Promote organization

• Identity Data
• Employment Data
• Profile Data

• Contract
• Legal Obligation

Document Delivery

• Identity Data
• Profile Data
• Employment Data
• Address / Contact Data

• Contract
• Legal Obligation

Compliance with Data Subject Right

• Identity Data

• Legal Obligation

Recruitment and Resignation Procedures

• Profile Data
• Evidence
• Identity Data
• Employment Data
• Address / Contact Data
• Health Data
• Education Data
• Finance Data
• Family Data

• Legitimate Interes
• Contract
• Consent

  •   Company will process personnel’s personal data according to the stated purposes and scope. If there came upon a case where personal data were to be processed for other purposes, and it is unlikely to rely on other legal bases, Company would ask for new consent to process Easy Buy’s personal data on such uses.

5. Usage of Personal Data with Third-party Organization

  •   The Company may be required to personal data to external third-party organizations and process personal data in accordance with the contract or the legal obligation of Easy Buy. These organizations may include:
  •        • Financial Service for example Bangkok Bank (BLL), Siam Commercial Bank (SCB), etc.
           • Service Provider for example Japanese Association in Thailand, Tokio Marine, Siam Cosmos Services, General Outsourcing, Mitsui Sumitomo Insurance, Navasri Medical Center and APT Enterprise, etc.
           • Training Provider for example Pacrim Group, etc.
           • Government Agency including for example the Revenue Department, Department of Skill Development, Police Station, Court of Justice, Immigration Department, etc.

  •   For the case where personal data is being passed on the external third-party organizations, Easy Buy will ensure that the minimum amount of personal data is being sent and consider anonymization and pseudonymization techniques for greater security. Nevertheless, external third-party organizations who will process personnel’s personal data for Easy Buy will be required to have an appropriate privacy policy. Easy Buy does not permit these external third-party organizations to use the personnel’s personal data in a way that diverge from the agreed scope and purpose.

6. Transferring Personal Data to Foreign Countries

  •   Company may be required to pass on personal data to foreign countries, including Japan.
  •   For these cases, Easy Buy will pass on personnel’s personal data only when these requirements have been met. These include:
  •   - Receiving foreign country has a substantial personal data regulation in place.
           - Receiving organization has a substantial privacy policy in place and certified by the Personal Data Committee.
           - Receiving organization is obligated to follow a substantial privacy policy with a sufficient remedial measure in accordance with the procedures identified by the Personal Data Committee (including, but not limited to, standard contract, vendor process agreement)
           - A necessary task to exercise legal rights.
           - Consent has been received from appropriate individuals agreeing to the pass on of Personnel’s personal data to a foreign country that does not have a substantial privacy policy.
           - A necessary task to carry out contractual agreements of the personnel
           - A necessary task to carry out under a contractual agreement between two entities for the benefit of the personnel
           - To ensure the safety or limit further damage to an individual’s health who cannot give consent at the current time
           - A necessary task for the good of the public

7. Security Measures for Personal Data Protection

  •   Company has implemented security measures to ensure the security of personnel’s personal data. External third-party organizations must carry out the processing of personal data in accordance with Easy Buy’s policy and agrees to ensure the security of personnel’s personal.

8. Period for Retention of Personal Data Storage

  •   Company will store personnel’s personal data throughout appropriate period according to Easy Buy’s scope and purposes, including other important matters such as legal requirements, financing and auditing purposes as below following,

  •   8.1 Applicants
    who are not selected, the Company will keep your information for a period of 1 year from the date the results are known. for the company will be able to contact you in case there are any future positions that may be suitable for you.

  •   8.2 Employees and personnel of the Company.
    The Company will keep your information for a period of 10 years from the date of termination of employment as employee or personnel of the Company. For the purpose of proving and verifying cases that may arise within the statute of limitations

  •   The company will delete or destroy your personal information. or make it a non-personally identifiable information when it is no longer necessary or at the end of the said period

9. Personnel’s’ Personal Data Rights

  • Your personal data rights include:
  • - Right of Access – you have the right to request a copy of all your personal data and assess if the company is processing your personal data in accordance with the law or not
    - Right to Data Portability – for the case where a company has an automated platform allowing you to access your personal data automatically:
  •   o You have the right to ask for your personal data to be transferred automatically to other organizations
  •   o You have the right to ask for your personal data to be directly transferred to other organization, with the exceptions of cases where there is a technological limitation
  • - Right to Object – you have the right to object to any data process activity of your personal data for the legal bases, including:
  •   o Public Task or Legitimate Interest
  •   o Direct Marketing Purposes
  • - Right to Erasure – you have the right to request data deletion or anonymization, in accordance to the following cases:
  •   o Expiration of data processing required terms
  •   o Consent has been withheld
  •   o Objections raised on the data processing activity
  •   o The processing activity is not in accordance with the law
  • - Right to restrict processing – you have the rights to restrict any data processing activities, in accordance with the following cases:
  •   o During the process of personal data assessment as requested
  •   o For cases related to personal data which has initially asked for deletion and erasure but was followed by an additional request of processing restriction instead
  •   o For cases when the data processing terms have passed, but you have requested for processing restriction due to legal reasons
  •   o During the process of personal data processing objection verification
  • - Right to Rectification – You have the right to edit your personal data to be correct and concurrent to the present. If any mistake was detected, the company might not edit this themselves.

  •   In the cases where Easy Buy may not be able to carry out and exercise your rights, including, but not limited to, the cases where a legal process is taking place, you will continue to have the rights to retract your consent by emailing to all related parties. Easy Buy will be required to terminate all processes as soon as possible. However, the retraction only is carried out to all data processing after the retraction. Any data process activity carried out before the retraction will not be reversed. Please be informed that Easy Buy does record all requests to ensure all issues are resolved.

  •   In the case where you have the intention to exercise your personal data protection rights, or to file complaint against your personal data processing, please contact company’s DPO (contact details have been provided above) or you can apply the request form to the company by click : Data Subject Access Request Form.

  •   Easy Buy will process this request in a secure and timely manner.

10. Policy Revision

  •   This Privacy Policy applies to all Easy Buy’s Personnel and was last updated on December 1st, 2023. The Company holds the rights to review and edit the policy as the company sees fit.

Web Browser Recommended: Internet Explorer version 10 or later, Mozilla Firefox, Safari, Google Chrome