Announcement Personal Data Policy

KOYO Marketing and Processing Asia Co., Ltd. (hereinafter referred to as the “Company”) recognizes and gives great precedence to the protection of personal data. And, in order to provide the personal data owner to be confident that the Company will process the personal data of the personal data owner in accordance with the provisions of the law relating to personal data, and, in order to inform the personal data owner about the purpose, the method that the Company collects, processes, uses, reproduces and/or discloses personal data, including putting personal data into computer system, as well as the rights of the personal data owner, therefore, the Company has prepared this Announcement Re: Personal Data Policy (hereinafter referred to as the “Announcement”) and deems it appropriate to declare this Announcement to be effective from the date of announcement onwards.

Article 1. Definitions

  • Company means KOYO Marketing and Processing Asia Co., Ltd. and includes its affiliated and group companies which exist either at the time of this Announcement or after this Announcement comes into force and includes the persons assigned and ordered by the Company to carry actions according to the objectives of this Announcement.

 

  • Personal Data means information related to a person which can either directly or indirectly identify individual person in accordance with Personal Data Act but not including the information of the deceased in particular.

 

  • “Personal Data Owner” or “Owner” means the owner of Personal Data or a person who has the right to Personal Data which has provided Personal Data to the Company and the Company manages such Personal Data. In this regard, the person who provides Personal Data to the Company shall also be considered the owner of such Personal Data.

 

  • Personal Data Controller means an individual or a juristic person that has the authority to make decisions about the management of Personal Data.

 

  • Personal Data Processor means an individual or a juristic person that are involved in the management of Personal Data or follow the instructions or on behalf of the Personal Data Controller of such Personal Data. However, such individual or juristic person who does the said actions does not act as a Personal Data Controller.

 

  • Management of Personal Data means any action with Personal Data such as storing, collecting, processing, recording, arranging system, using, reproducing, adjusting or modifying, sending, transferring, disclosing, enabling accessing, prohibiting or limiting accessing, sorting, consolidating, deleting or destructing, including importing Personal Data into a computer system.

 

  • Person means a natural person.

 

Article 2. Personal Data Protection

 

The Company will conduct the Management of Personal Data for the purposes as informed only by using the method which are suitable, lawful, fair, transparent and necessary for operation in accordance with the purpose of the Company and/or group/affiliated companies or the person who is designed by the Company only. The Company will inform the Owner to acknowledge if the Management of the Personal Data is different from the purposes as informed.

 

In the Management of Personal Data of the Owner, the Company will arrange to have the Owner give consent in writing or in accordance with the method as designated by the Company except in the case of exceptions as stipulated by the Personal Data Protection Act or other laws as follows:

 

  • To achieve the purpose relating to the preparation of the historical documents or the archives for public interest, or relating to research or statistic, in which the suitable measures is provided to safeguard the Owner’s rights and freedoms.
  • To prevent or suppress a danger to a person’s life, body or health.
  • To be necessary for the performance of a contract to which the Owner is a party, or in order to take steps at the request of the Owner prior to entering into a contract.
  • To be necessary for the performance of a task carried out for the public interest or for the exercising of state official authority.
  • To be necessary for legitimate interests of the Company or any other persons or juristic persons other than the Company, except where such interests are overridden by the fundamental rights in Personal Data of the Owner.
  • To be in compliance with law by the Company.

 

The Company shall not collect Personal Data from any other source, apart from the Owner directly, except where the Company has informed the Owner to acknowledge within 30 days from the date of collection of Personal Data and receiving the consent from the Owner or where it is a collection of Personal Data which falls within the exceptions to request consent as stipulated under the Personal Data Protection Act or other laws.

 

The Company will conduct the Management of Personal Data for the purposes and benefits in the operation of the Company and/or group/affiliated companies and/or parties of contracts including for the benefit of the Owner whether the Management of Personal Data is done by or on behalf of the Company and/or the person designated by the Company. The Company would like to assure that all Personal Data of every Owner will be protected, kept and accessed safely.

 

Article 3. Purpose in Management of Personal Data

 

With respect of the Personal Data of the Owner who consents to the Company to conduct the Management of Personal Data, the Company will conduct the Management of Personal Data the information for the purposes and benefits as follows importantly:

 

3.1       In the case where the Owner is the employee of the Company or has ever been the employee of the Company or applies for working with the Company.

             

Clause Purpose
(1) To verify the accuracy of the document, data, to check behavioral conduct, to confirm or identify an identity of the employee or a person based on information or document submitted to the Company as well as to check criminal records and prosecution records, judicial judgements before joining to work with the Company, while being the employee of the Company or after terminating being the employee of the Company.
(2) To administrate and manage human resource of the Company such as recruitment, testing, interviewing, verification of education history and work history, verification of qualification and suitability in position, training, internship, work visit, personnel development, working skill and capacity evaluation, data analysis, report, research, preparation of statistics, appointment, relocation, change of position, change of organization, etc., throughout the time that the Owner is an employee of the Company.
(3) To comply with an employment contract or any other contract, or to use in the execution of an agreement between the Company and the Owner, or to implement in accordance with the Company’s work regulations such as working hour record, leave record, etc.
(4) To prepare for the operation of employee such as employee registration, employee card preparation, working equipment, accessing to the necessary systems, visa application or visa renewal, work permit, application for work permit or renewal of work permit and updating the information in the database of government agencies to be up-to-date, etc.
(5) To use in compliance with laws relating to labor protection, social security, tax and other laws.
(6) To carry on various transactions relating to payment, payment of compensation, welfare benefits.
(7) To conduct relating to health check and/or for the benefit relating to the Owner’s life, health or safety.
(8) To carry on activities for employees such as organizing activities or participating in various activities or publicizing various activities, etc.
(9) To communicate with the Owner or to inform the Owner for acknowledgment or for compliance.
(10) To coordinate or inquiry, verify information, link information, and/or forward information to government agencies, fund as required by laws, other entities, other persons or group/affiliated companies whether through any type of communication system such as post, email, telephone, line, etc.
(11) To communicate or conduct by the Company with government agencies or fund as required by laws, or banks including insurance companies related to welfare that the Company provides to the Owner.
(12) To conduct relating to the Company’s business operation, the compliance in accordance with the agreement in business operation such as the Company’s work contact or business dealing, applications to government agencies, power of attorney, preparation of statistics, research and business development of the Company, compliance with any policies of the Company etc., or to use in approval, granting authorization or any proceeding in working.
(13) To support various operations of the Company such as management, finance, budget planning, accounting including reporting, analysis, statistics, etc.
(14) To conduct in various cases as specified in Announcement Re: Personal Data Policy of the Company which the Company has already announced or will announce.
(15) To conduct for the benefit of the Company to keep the Owner’s Personal Data for a period of time as required by law.
(16) To improve or update computer data by third parties to access for the purpose of processing and/or verifying the correctness of Personal Data at the request of the Company.
(17) To conduct any action of the Company that benefits to the Owner.

 

3.2         In the case where the Owner is the person not the case of Clause 3.1.

 

Clause Purpose
(1) To carry out activities related to the Company’s business operations, such as various work or business coordination related to the Company, consideration, approval and/or authorization related to business operations with the Company, relationship management, etc.
(2) To carry out the activities or projects of the Company, including to disseminate public relations through various channels or media.
(3) To be used as information for granting permission to enter the area and/or use the Company’s assets.
(4) To carry out supporting operations of the Company such as planning, reporting, forecasting, analysis, statistics, risk management, due diligence, background check authentication and verification and/or authentication of delegation of powers, authorizations, etc., for management, budget planning and accounting management.
(5) To proceed with the transfer of rights, obligations, liabilities and any benefits.
(6) To comply with the policies or rules that the Company has set or participated in.
(7) to investigate, inspect in the case where there are complaints, or to prevent corruption, or to investigate and prevent bribery or accepting bribes, corruption, fraud, embezzlement, sexual harassment or any act that is unlawful.
(8) to establish legal claims, dispute or fight legal claims. litigation, as well as proceed to enforce legal cases.
(9) To comply with the laws applicable to the Company that requires the Owner’s Personal Data, such as tax-related laws, etc., including regulations, requirements by law or government agencies, before, while or after this Announcement comes into force or subpoenas, notifications, orders of officials, agencies having duties and powers under law.
(10) To report or disclose information to shareholders, auditors, various agencies such as Revenue Department, Department of Lands, Office of the Board of Investment, etc.
(11) To manage health and safety, such as measures to check or prevent communicable diseases or epidemics, etc.
(12) To perform the contract or to use in the execution of an agreement with the Company.
(13) To carry out various transactions, payments, receipts.
(14) To contact the Owner or to inform the Owner to acknowledge or to act.
(15) To coordinate or inquire, confirm information, link information and/or forward information to government agencies, other agencies, other persons or companies in the group/affiliates whether through any type of communication system such as post, email, telephone, line, etc.
(16) To carry out the various cases specified in Announcement Re: Personal Data Policy. of the Company which the Company has already announced or will announce.
(17) To operate for the benefit of the Company to keep the Owner’s Personal Data for the period required by law.
(18) To support the information technology systems including applying for access to electronic systems or opening rights to access or use internet or various electronic systems, the use of information, maintenance of system and information technology applications, various system checks to prevent illegal use or contrary to the Company’s policy.
(19) To upgrade or update computer data by third parties to access, process and/or verify the correctness of Personal Data at the request of the Company.
(20) To do any actions of the Company that benefits the Owner.

 

If the Owner rejects or does not give Personal Data to the Company for the above-mentioned purposes, the Company may not consider and/or may not manage Personal Data and/or may not propose nor procure nor service nor do the transaction to the Owner.

 

Article 4. Types of Personal Data

 

The types of Personal Data of the Owner which the Company will conduct the Management of Personal Data is as follows:

 

  • General Personal Data

 

Clause Information
(1) Information that to be used for identifying person such as name, surname, ID card number, passport number, date of birth, gender, age, nationality, signature, photo, driver’s license information, professional license number, employee code (in the case of the Company’s employee), etc.
(2) Information that to be used in contact such as domicile address, current address, telephone number, e-mail address, etc.
(3) Information relating to finance such as bank account number, list of assets and debts, information that the Company needs to use for contact with fund for student loan, and/or information that the Company must comply with the law relevant to the Student Loan Act, etc.
(4) Information relating to the company or agency having been working with such as the former company or agency, place of work, job title, etc.
(5) Information relating to education history, work history including the date and reason of the termination of the employment contract, and contact information after terminating work, training history, skill test, expertise, past experience to present.
(6) Information relating to family such as marital status, spouse, children, father, mother, brother-sister with the same parents, etc.
(7) Information relating to hobbies, personal interests.
(8) Information recorded by closed-circuit cameras, information from meetings, activities, projects, etc., whether through visual and/or audio.
(9) Information relating to public health such as epidemic testing history, screening information according to epidemic prevention measures, etc.
(10) Information related to opinions, suggestions, and complaints.
(11) Information relating to working as an employee, such as date of entry, position, wage rate, time attendance, leave days, absence, disciplinary action, work performance, wage adjustment history, compensation, benefits, position adjustments transfer of positions, etc.
(12) Information relating to the person that the Company can contact in the event of an emergency by which such person has given written consent to the Company.
(13) Information relating to health insurance and life insurance.
(14) Other information that the Owner provided to the Company.
(15) Information relating to contracts or agreements made with the Company.
(16) Information relating to information technology for use in applying for accessing into electronic systems or opening rights to access or use internet, various electric systems or other applications such as such as email, website, Facebook, LINE, YouTube, etc., or other online media.

 

 

 

 

  • Sensitive Personal Data

 

Clause Information
(1) Information relating to race, ethnicity.
(2) Information relating to religion, belief in a cult, or philosophy.
(3) Information relating to criminal history.
(4) Information relating to health, disease, disability, blood type, history of treatment or symptoms of disease or disability.
(5) Information relating to political opinions, joining labour union.
(6) Information relating to genetic and biological information such as face recognition systems, voice recognition systems, and fingerprint to identify or verify identity, etc.

 

Article 5. Database

 

The Owner’s Personal Data will be handled in a secure way, be protected from unauthorized or accidental access or use, including deletion and/or making demolition accidentally. The Personal Data will be stored in relevant databases such as:

 

  • Account and Finance System
  • Human Resource Management Operation System
  • Procurement System
  • Customer Relationship Management System
  • Business Risk Management System

 

Article 6.  Duration in Collecting Personal Data

 

The Company shall retain the Owner’s Personal Data for a period not exceeding at least 1 year from the date that the legal relationship between the Company and the Owner is terminated. However, the Company may retain Personal Data beyond such period if it is required or permitted or necessary by applicable law or the establishment of legal claims within the duration of the prescription period for litigation that may arise from or in connection with the Owner’s documents or Personal Data.

 

After the expiration of the said period, the Company will delete or destroy Personal Data without the consent of the Owner.

 

Article 7. The Owner’s rights in relation to Personal Data

 

The Owner has various rights in relation to Personal Data subject to the rules, procedures and conditions of relevant laws as follows:

– the right to request to access to the Owner’s Personal Data

– the right to request to forward or transfer Personal Data, except where it is impracticable

– the right to object to the Management of Personal Data

– the right to request to delete Personal Data

– the right to request to suspense the use of Personal Data

– the right to request to correct Personal Data to be correct or kept it up to date

– the right to file a complaint in the event of a violation of the Personal Data Protection Law

– the right to withdraw the consent in relation to Personal Data that has been given to the Company, but such withdrawal will not affect the Management of Personal Data for which the Owner has given his rightful consent. In the event that the withdrawal of consent affects the Owner in any matter, the Company will notify the Owner of such impact.

 

 

In this regard, in exercising such right, the Owner must submit to the Company a written request for exercising rights in the form prescribed by the Company. And, the Company has the right to require the Owner to verify his/her identification before exercising rights as the Owner of Personal Data. In addition, the Company reserves the rights to consider the Owner’s request and take action as required by applicable law.

 

Article 8. Disclosure of Personal Data and Forwarding or Transfer of Personal Data to Abroad

 

8.1         Disclosure of Personal Data

 

The Company may disclose the Owner’s Personal Data to the following persons for example:

 

8.1.1           Group companies, affiliated companies of the Company

8.1.2           Bank or financial institution

8.1.3       Agents, contractors, subcontractors service providers to perform operations for the Company such as lawyers’ offices, accounting offices, auditors, consultants, insurers, service providers such as transportation, marketing, trainings, seminars, recreations, public relations, human resource management, financial accounting, information technology including the agents of said persons, etc.

8.1.4       Government agencies, regulatory agencies, state enterprises, various organizations, various agencies, including officers, operators of organizations and agencies

8.1.5       Agencies, organizations or individual persons involved in litigation claim, arguments, complaints, allegations, etc.

8.1.6       Persons having business relationship where necessary for the performance of a contract or agreement

8.1.7           Shareholders of the Company

8.1.8          Assignee of rights, obligations, liabilities or any other benefits from the Company

 

In this regard, the Company will arrange for those who have been disclosed above to strictly comply with the law and to use particular for the purposes informed and for business development or for the work or business of the Company or the Owner only.

 

8.2         Forwarding or Transfer of Personal Data

 

The Company may have a need to forward or disclose or transfer the Owner’s Personal Data to abroad, for example to group/affiliated companies located in abroad, etc. The Company will conduct within the purposes or benefits stated in this Announcement, including the Company will comply with the agreements, requirements, rules and regulations of group/affiliated companies in abroad. However, the Company will strictly maintain the standards of protection of Personal Data of the Owner and the confidentiality of the individual person.

 

In the event that the Personal Data is transferred to the destination country where the personal data protection standards are insufficient as those under applicable law in Thailand, the Company will take necessary actions to protect the Personal Data forwarded, disclosed, or transferred to person in abroad to receive the same level of protection that the Company protects the Owner’s Personal Data.

 

 

 

 

 

 

 

Article 9. Responsible Person and Method to Contact the Company

 

If the Owner desires to amend, change the personal data or request for the copy of personal data or has suggestions or wishes to inquire Personal Data or to question regarding the Personal Data of the Owner or to exercise the rights as specified in this Announcement, please contact:

 

KOYO Marketing and Processing Asia Co., Ltd.

Contact Address At No. 725 Metropolis Building, 20 Floor, Room no. 56, Sukhumvit Road,

Khwaeng Prakhanong-Nua, Khet Wattana, Bangkok Metropolis 10110

Phone Number +66 (0) 38-109375

 

 

Data Protection Officer : DPO

Contact Address At KOYO Marketing and Processing Asia Co., Ltd. Amata City Chonburi Industrial Estate 700/38  Moo 6 T.Nong-maidaeng, A.Muang Chonburi, Chonburi  20000

Phone Number     +66 (0) 38-109375

E-Mail                 nattaphong@kmpa.co.th

 

Article 10. Confirmation and Change of Personal Data

 

In the event that the Personal Data has changed, the Owner of the Personal Data is obliged to notify the change and confirm the changed Personal Data to the Company in accordance with the form and method specified by the Company. In order to keep Personal Data to be updated, accurate and appropriate, the Company may from time to time inform the Owner to verify and confirm the Personal Data collected by the Company. In such case, the Owner must verify and confirm Personal Data within the period specified by the Company.

 

Article 11. Amendments of Announcement

 

The Company reserves the right to amend this Announcement or regulations, or any methods after this Announcement comes into force in order to conduct the Management of Personal Data properly without obtaining consent from the Owner of the Personal Data before processing. In this regard, the Company recommends the Owner to check the amendment of Announcement (if any) from time to time.

 

Article 12. Enforcement

 

This Announcement comes into force from the date on which it is announced onwards. Any regulations which are contrary to this Announcement shall become invalid as from the date this Announcement becomes effective. In the event that an interpretation or a new practice is required, the Authorized Director of the Company shall have authority for all operations.

 

 

Announced on 31st May 2022