บริษัท อีซี่ บาย จำกัด (มหาชน)
EASY BUY PUBLIC COMPANY LIMITED
Search | ภาษาไทย English

Privacy Policy for Job Applicants and Personnel

EASY BUY Public Company Limited

Last Updated May, 2021

   EASY BUY Public Company Limited (hereinafter referred as “Company”) recognizes the importance and duty under Personal Data Protection Act B.E. 2562 for prioritizing your privacy right and committed to protecting personal data of everyone safely. This privacy policy shall apply to personal data of job applicants and personnel of the company to inform and explain how does the company collects your personal data, which personal data that company collects, what are the purpose of processing data, how does the company disclose your data, what are the measures apply to protect your data including your legal rights as a personal data subject. Details as below;

1. Who are this policy apply for

  •   This policy is setting for personal data of job applicants and personnel of the company such as Directors, consultants, management, current employees, former employees, trainee and who involve with personnel of the company such as the members in employee’s family, emergency contact person etc.

2. Personal data means

  • 2.1 Personal data means data relating to the person that can directly or indirectly identify person but not including data of deceased persons such as name-surname, telephone number, address, e-mail, Identification Number, photo or work history etc.
  • 2.2 Sensitive personal data means personal data that specially categorized by law such as nationality, political opinion, religious or philosophy belief, sexual behavior, criminal record, health information, disability, Union information, Genetic information, Biometric information or other similar data which prescribed by law that company must proceed with extra care. By the company will collect, use and/ or disclose sensitive personal data when received your explicit consent, or in the event that company is necessary to proceed as permitted by law.

  •   In case that the company received your Identification Card or the company electronically takes your data from the Identification Card to proof your identity when applying for a job. To change employee’s data, request and/or any transaction with the company, the data that will be collected will also include religious data that can be specify as sensitive personal data, the company does not have policy to collect your sensitive personal data. Except for the case that the company received your consent. The company will establish procedures for management according to guideline and as permitted by law.

3. Personal data collected by company

  •   The company collects your personal data as necessary according to the purpose of using data that the company will explain you in the next step. Therefore, the classification of personal data collected by the company are as follows;

3.1 For Job Applicants

Type of personal data

Details

General personal data

Such as prefix, name, surname, nickname, gender, photo, weight, height, date of birth, age, nationality, Identification Number, current address, registered address, Email, telephone number, Marital status, Military status, educational background and work history

Sensitive personal data

Such as health information and criminal record by received your explicit consent or permitted by law

Other data

Such as resume, Curriculum Vitae (CV), learning history, skills, ability, certificated, data from test or interview and CCTV record

3.2 For Employees and Personnel of the company

Type of personal data

Details

General personal data

Such as prefix, name, surname, nickname, gender, photo, weight, height, date of birth, age, nationality, Identification Number, Passport Number, Social Security Number, Driver License Number, Tax Identification Number, Bank Account Number, Umay+ Card Number, Vehicle Registration Number, current address, registered address, Email, telephone number, marital status, military status, educational background and work history

Sensitive personal data

Such as health information, criminal record, fingerprint and face recognition for facial recognition system by received your explicit consent or permitted by law

Employment data

Such as employee ID, job position, department, employee status, start date, resign date, service year, performance, wages and compensation, working time record, overtime, statistics of leave, training, provident fund, welfare and benefits utilize, resignation reason, probation evaluation, promotion, assignment, movement, changing job position and punishment

Other data

Such as resume/ Curriculum Vitae (CV), learning history, skills, ability, certificated, information from test or interview, social media communication information, financial information, opinions, location, IP address, sound record, CCTV record, photo or video from participating activities held by the company, and any other data considered as personal information prescribed by the law.

Third party data

Such as spouse, family member, reference person or emergency contact person and beneficiary person from various welfare by collected personal data such as name, surname, relationship, telephone number and other data as necessary

4. Source of personal data

  • 4.1 Received personal data from you directly
  •   From the recruitment process, filling information in job application, attachment for consideration and selection for work, doing questionnaire, interview including information and your update information from employment or various process during the time you are employee or personnel of the company.

  • 4.2 Received personal data from other sources
  •   Company may collect your data from other sources such as recruitment agent, job search website, information from reference person or certifying person, information from other background checks, information from GPS, network which is necessary as permitted by law

  • 4.3 Personal data from third person
  •   Company may receive third party information who is relevant to you to provided information for the company such as a spouse, children, father, mother, family member, emergency contact person, beneficiary person, reference or former employer, whose information is used by the company to manage your welfare and benefits or to contact in case of emergency or to adduce necessary information for you. Therefore, please inform about this privacy policy and request consent from such third person if necessary. Unless, there were other legal basis to disclose personal data of third party to the company without receiving consent.

5. Purpose of collecting, using or disclosing personal data

  •   Company collect, use or disclose your personal data with the purpose under the base of data processing as following;

  • 5.1 Comply with contract (Contractual Basis)
    to comply with contract which you are a Counterparty such as an employment contract or any other contract to be used in the processing of your request / your job application before enter into the contract case by case.
  • 5.2 Comply with the laws (Legal Obligation) to perform duties as prescribed by law such as Labor Protection Law, Social Security Law, Compensation Law, Labor Relations Law, Provident Fund Law, Tax Law, Anti-Money Laundering Law and Computer Law.
  • 5.3 Legitimate Interest for the legitimate interests of the company without exceeding the limits you can reasonably expect which will not violate your basic or freedom rights.
  • 5.4 Consent The company will request your consent in case prescribed by law or company has no reason to use the above base of processing to processing personal data that have collected from you.

Purpose of Job Applicants

  Company collect, use or disclose your personal data with the purpose as following;

Purpose of operation

Details

Base of data processing

1. For the recruitment process

To consider the selection of the job applicants, assess the suitability of the job position that company would like to recruit to perform various procedures such as recruiting, testing, interviews, assessment, selection, including offering the employment to you.

• Contractual Basis
• Legitimate Interest

2. To check the background and qualifications before employment

1) To check that you used to have working history or applied for a job with the company before or not.

2) To assess your abilities or qualifications under the limit permitted by law such as professional qualifications, health information, criminal record including asking information from the reference person that you have provided the information for the company.

• Contractual Basis
• Legitimate Interest
• Consent

3. For internal management regarding the employment process

For internal management regarding the employment process such as submitting candidate information or report the interview to the authority who can make decision for selection or relevant departments, internal processes for the preparation of employment contracts, training and other processes that must be prepared for new employees.

• Contractual Basis
• Legitimate Interest

4. To consider other suitable positions in the future

For your benefit, if you not success in your applied job position. Company will keep your personal data for 1 year to consider and contact you in case there were any position in the future that may suit you.

• Legitimate Interest

5. For security inside the building or the company's area

For security inside the building or the company's area, ticket exchange before entering the office / branch area including recording video inside the company's area with CCTV.

• Legitimate Interest

Purpose of Employees or Personnel of the company

  Company collect, use or disclose your personal data with the purpose as following;

Purpose of operation

Details

Base of data processing

1. To perform process and procedure in accordance with employment contracts or any other contract which related to the employment between you and the company

1) To perform various process and procedure throughout the period of employment such as the preparation of list staffs, employee’s information, employee cards, probation evaluation, update employee information, annual leave management, types of leave, informing of pregnancy, requesting a certificate, resignation including processing your other requests.

2) To perform Personnel Management process such as training, skills and knowledge development, assignment, authorization, appointment, movement, changing job position, reorganization, performance assessment, promote, salary adjustments, bonus payments including support for career paths and succession planning.

3) To check and verify your identity to record working hours and / or to enter the company's area for work, meeting, training, seminar, or participate various activities of the company. By the company shall collect your fingerprints data and/or your face recognition for facial recognition system with your explicit consent or as permitted by law.

• Contractual Basis
• Legitimate Interest
• Consent

2. To perform compensation, welfare and benefits

1) To perform wages or other compensation such as check time in / time out, OT, working on holiday, type of leave, absent or desertion, preparation of payroll including payroll and compensation process.

2) To provide your welfare and benefits such as the annual health check, employee and family health insurance, provident fund, housing loan, emergency loan, benefits subsidies such as marriage, childbirth, family or employee death, earning and redemption (Employee Point), Japanese Management subscription.

• Contractual Basis

3. To perform the relevant laws

1) To comply with various laws such as preparation employee’s registration, tax deductions and payments, social security deduction, freezing and remitting salary, bonus and other compensation according to the order, warrant or notice to freeze and remit money according to the law such as the execution and student loan fund.

2) To perform the establishment of Welfare Committee, Safety Committee, Safety Officer and perform activities as required by law.

3) To perform about leave considerations or medical information related to health imperfection or disability for labor protection including helping you in case of getting injured from work for health and safety in workplace.

• Legal Obligation

4. To support information and various process in the company

1) For reporting, analyzing, making statistics in the field of finance and business for management, budget planning, accounting management and business planning.

2) To support information for implementation of various procedure or process in the company, which may transfer your information to the relevant departments by use information as necessary and according to the purpose of each process.

3) To set authorized for using various systems and accessing to personal data, supporting tools and equipment to facilitate in working for you.

4) To perform company asset management which given to employees such as access card, key, mobile phone, computer / notebook and car.

5) To perform itinerary or accommodation related to work, disbursement of expense for traveling to work outside, itinerary reimbursement including reimbursement of various expenses related to work.

• Contractual Basis
• Legitimate Interest

5. To perform various activities for employees both inside and outside the company

1) To set or participating in various activities both inside and outside the company including the announcement of results or promote activities, which may use personal data such as your name-surname, photo or video from participating activities publish to promote according to the objectives of each activity.

2) To provide training, seminar / observe including outside activities for your convenient, the company may disclose your personal data as necessary to external service providers to prepare bus, food, accommodation and various places for you.

3) To test your knowledge and understanding, taking a questionnaire or survey for your opinion and evaluating results from such tests or surveys.

• Contractual Basis
• Legitimate Interest

6. For audit, supervision and risk management

1) To check the communications related to work, the company is required and reserved the right to monitor and check electronic communications which sent by network account or equipment that company given to you for work. In order to ensure that the company's information resources being used correctly, in accordance with the law and the company policy.

2) To supervise the Operation to be effective and conform to Company Rules and Regulations.

• Legal Obligation
• Legitimate Interest

7. For security inside the building or the company's area

For security inside the building or the company's area, ticket exchange before entering the office / branch area including recording video inside the company's area with CCTV.

• Legitimate Interest

8. To manage information for former employees

1) For business continuity management, to understand and collect the evidence of decisions in your role and maintain knowledge to remain with the business after you have resigned from the company.

2) The company may ask you to do an interview to understand the reason why you have decided to resign from the company, by the company needs to use information for analysis, improve operation and maintain the company's employees.

3) The company will collect your data for 10 years from the end of employee or personnel status of the company date, for the purpose of checking and investigating in case of disputes occur within the prescription prescribed by law.

• Legitimate Interest

6. Disclosure of your personal data

  •   To perform according to the purposes specified in this policy, your personal data may be disclosed or submitted to various departments in the company and personnel or external organizations as follows;

6.1 Inside the company

  •   Your personal data may be disclosed or submitted to various departments in the company, only relevant and have a role as necessary only for the purpose by these personnel or teams of the company may allowed to access your personal data as needed and appropriated;
  •   • Personnel Management Officer or other department officer only relevant by set authorized to access data according to the roles and responsibilities.
  •   • Your Management or Direct Supervisor who is responsible for managing or making decisions about you or when dealing with personnel procedures.
  •   • Department or support teams such as IT Department, Administration Department and Accounting.

6.2 Outside the company

  •   Your personal data may be disclosed or sent to external organizations as follows;

  • 6.2.1 Government Organizations, Regulators or other organization as prescribed by law
    Such as Revenue Department, Social Security Office, Department of Labor Protection and Welfare, Legal Execution Department, Student Loan Fund, Department of Skill Development, National Office for Empowerment of Persons with Disabilities, Bank of Thailand, Securities and Exchange Commission, Ministry of Commerce and Ministry of Labor or any other organizations with legally competent.

  • 6.2.2 Agent, Contractor / Sub-Contractor, Service Provider for any operation
    Such as preparation of payroll, provident fund, housing loans, health insurance, accident insurance, training, employee points, company management evaluation, booking itinerary and accommodation, external auditors, consultant in various fields. Therefore, when the company using external service provider, the company must ensure that those service providers comply with legal requirements and your personal data will be protected by appropriate technical and organizational measures.

  • 6.2.3 Organizations or Third Parties
    The company may disclose your data to organizations or third parties who have inquiries for the purpose of verifying your various transactions such as apply or use credit service, apply for a job by company will disclose your data by confirm only the employee status and other information as you have disclosed to the said organization or third party only.

  Including in case that the company have received your consent letter to disclose the data from external organization such as your new employer. The company may disclose your data to confirm the previous employment or providing your data to the educational institution that you have studied to improve the quality and education standards or the quality of graduate research project.

7. Sending or transferring personal data to other countries

  •   The company may need to send or transfer your personal data to affiliated companies in other countries, send or transfer data to other data recipients such as sending or transferring personal data to store in server or Cloud in other countries which is a part of the business operation of the company, the company will consider to ensure that the destination country has sufficient personal data protection standards as prescribed by law.

8. Retention and term for retain your personal data

  •   The company will retain your personal data as long as necessary while you are job applicant, employee or personnel of the company or all the time as necessary in order to achieve the relevant purpose in accordance with this policy. Therefore, the company may need to keep retaining your data as required or permitted by law such as

  • 8.1 Job applicants
    Who have not been recruited, the company will retain your data for a year counting from the result date, the company may contact you in case there is a job position in the future that may suit you.

  • 8.2 Employees and Personnel of the company
    The company will retain your data for 10 years from the end of employee or personnel status of the company date, for the purpose of investigate in case a dispute occurred within the prescription prescribed by law.

  •   Therefore, company will erase or destruct your personal data or make it non-identifiable data when it is no longer necessary or at the end of the mention term.

9. How does company protect your personal data

  •   The company will retain your personal data very well in accordance with Technical Measures and Organizational Measure in order to secure personal data processing appropriately and to prevent personal data breach, by company has set the policies, regulations and criteria for the protection of personal data, including measures to prevent the data recipients of the company to use or disclose data over the purpose, without authority or dishonestly, and the company has updated the said policies, regulations and criteria periodically as necessary and appropriate. Moreover, Management, employees, contractors, agents, consultants and data recipients of the company has a duty to keep the confidential of personal data in accordance with the confidentiality measures set by the company.

10. Data Subject Rights

  •   In term of right, it refers to the right related to your personal data, you may request to use these rights with the company under prescribed by law and the company's rights management process.

  • 10.1 Right to consent withdrawal
  •   If you have given consent to the company to collect, use and disclose your personal data, you have the right to withdraw such consent at any time throughout the period your personal data available to the company, unless it is restricted by laws or you are still under beneficial contract. Therefore, withdrawal of your consent may affect to you, please learn or ask for the effect before withdrawing your consent for your own benefit.

  • 10.2 Right to access the personal data
  •   You have the right to access your personal data and request to the company to copy such personal data for you, including request the company to disclose the acquisition of personal data that you did not given consent to the company, if you are current employee of the company, you can access your personal data by yourself through the company system.

  • 10.3 Right to transfer the personal data
  •   You have the right to obtain your personal data in case of the company organizes such personal data in automatic machine-readable or usable format and can be processed or disclosed by automatic methods, including the right to request the company to send or transfer the personal data in the said format to other data controllers that can be done by automatic methods and request to obtain the personal data which sent or transferred by the company directly to other data controller except it cannot be performed due to technical reasons.

  • 10.4 Right to object the data processing
  •   You have the right to object the processing of your personal data, if collection, usage and disclosure of your personal data is conducted for legitimate interests of the company which is within your reasonable expectation, except the company can show a legal basis that it is more important than your basic rights or to confirmation, legal compliance or to defend in legal proceedings as the case may be.

  • 10.5 Right to erasure or destruction the personal data
  •   You have the right to request for the company to erase or destroy your personal data or make it non-identifiable data, if you believe that the collection, usage and disclosure of your personal data is against the laws or company is no longer necessary for retentions according to related purposes or when you request to withdraw your consent or use the right to object the data processing.

  • 10.6 Right to suspend the personal data
  •   You have the right to request the company to suspend using your personal data. In case of during the verification period, your rectification or objection request or in case of the company is no longer necessary and must be erase or destroy your personal data according to relevant laws but you request company to suspend using instead.

  • 10.7 Right to rectification the personal data
  •   You have the right to request the company to rectify your personal data to be updated, completed and not misleading, if you are current employee or personnel of the company, you can rectify your personal data according to the company's procedures.

  • 10.8 Right to complaint
  •   You have the right to complaint to the relevant legal authority, if you believe that collecting, using and / or disclosing your personal data is a manner that violates or fails to comply with the applicable laws.

  •   Your exercise of the rights above may be restricted under relevant laws and in some case it may be necessary for the company to deny or not be able to proceed your requests such as the company needs to comply with the laws or court orders or your request in breach of rights or freedom of other persons, or the company needs to use the claims in accordance with the relevant law to retain such information by the company will inform you the reason of rejection.

  •   If you wish to use your right above, you may send a request to the company by clicking Data Subject Request Form

11. Changes to Privacy Policy

  •   The company will always review this Privacy Policy to comply with the relevant guidelines, laws and regulation. Therefore, if there were any changes due to the Privacy Policy, the company will inform you by posting an information on the company’s website.

12. Contact Company and Data Protection Officer

  •   If you have any comments or questions for more details about this Privacy Policy including data subject requests according to this policy, please contact;

  • EASY BUY Public Company Limited
  • Personnel Management Department
  • Rasa Two, 8th-11th Floor 1818 Phetchaburi Road, Makkasan, Ratchathewi, Bangkok 10400
  • Tel: 0-2079-0999
  • Email: pn.center@easybuy.co.th
  • Data Protection Officer
  • Rasa Two, 8th-11th Floor 1818 Phetchaburi Road, Makkasan, Ratchathewi, Bangkok 10400
  • Email: dpo@easybuy.co.th

Web Browser Recommended: Internet Explorer version 10 or later, Mozilla Firefox, Safari, Google Chrome