Personal Data Protection Act
Privacy Center
Guidelines on Personal Data Protection Policy (Revised version 2021) Dated 1 April 2021>
Chapter 5 Personal Data of Business Partners and Counterparty

Guidelines on Personal Data Protection Policy of IRPC Public Company Limited
(Revised version 2021) Dated 1 April 2021


Chapter 5
Personal Data of Business Partners and Counterparty
5.1 Your Personal Data Collected by the Company
Your personal data that the Company has collected, used or disclosed, including but not limited to the following types of personal data:
1)
Personal data such as name- last name, name title, gender, date of birth, ID card number, passport number, tax ID number, position, nationality, age, work experience or employment record, skill, expertise, including sensitive personal data such as religion, race and health data whereby the Company has been granted with your legal consent or when deemed necessary as required by law.
2)
Contact data such as address, telephone number, mobile phone number, e-mail
3)
Financial and business data such as savings account number, transaction data, price and product details
4)
Other personal data such as data relating to the use of IT system and websites of the Company, CCTV recording, voice recordings from meetings
5.2 Sources of Personal Data
The Company may collect your personal data as you directly provide your personal data to the Company such as exchange of name card, providing data for consideration on qualification, entering into contract etc. Moreover, the Company may receive your personal data from other sources such as sales representatives of other business groups of the Company, business partners or companies under the Company Group, customers or representatives referred by the Company
5.3 Objectives of the Collection, Use or Disclosure of Personal Data Under Legal Basis
The Company shall collect, use or disclose your personal data for various objectives under legal basis as follows:
1)
Contract basis: For the consideration on qualification before entering into contract, contact and coordination relating to compliance with the contract, entering into contract, including payment as agreed upon the contract and payment via platform of the Company’s vendor
2)
Legal obligation basis: For the necessity to constitute legal claim, to use as an evidence as a defense of legal claim, compliance with the court’s order or order of the government agency with legal authority, including disclosure or report of your personal data to the government agency with legal authority
3)
Legitimate interest basis: By taking into consideration the proportionality and your expectation whereby the benefits derived must be well balanced with your basic rights concerning personal data protection in order to achieve the following objectives:
a)
For audit and identity authentication purposes relating to any transactions or legal act and contract
b)
For an audit by major shareholders or relevant agencies, investigation, examination, audit, request for advice to constitute legal claim or legal proof procedures in which your personal data may be disclosed to the lawyer, legal and tax consultant, auditor, including other consultants to achieve such objective
c)
For risk management, audit and internal control and organization management as well as disclosure of personal data to major shareholders for internal audit and prevention of any misconducts or illegal acts
d)
For business analysis or evaluation, improvement, planning and forecast
e)
For the safety of the building areas or facilities from CCTV recording
4)
Consent basis: The Company shall perform activities to achieve the following objectives upon receiving your consent
a)
To publicize and invite you as a business partner or counterparty of the Company to be interested in using the vendor’s platform as a payment channel, including other related services provided by the Company’s vendor
b)
Upon receiving your legal consent to collect, use or disclose sensitive personal data such as health data, religious data, including other sensitive personal data appeared on the ID card for identity authentication
5.4 Disclosure of Your Personal Data
The Company shall not disclose your personal data to any external parties unless otherwise informed or upon being granted with your consent or when it deems necessary to disclose or to report your personal data to the regulatory bodies, government agencies or any other agencies as stipulated by law relating to the Company’s operation.
The Company may be required to disclose your personal data to relevant external parties for the objectives mentioned above to proceed with an audit, request for legal advice, inspection, assessment, legal proceeding or any other proceedings necessary for the Company’ s business operation.