Personal Data Protection Act
Privacy Center
Guidelines on Personal Data Protection Policy (Revised version 2021) Dated 1 April 2021>
Chapter 1 Personal Data Protection Policy For Personnel of IRPC Public Company Limited

Guidelines on Personal Data Protection Policy of IRPC Public Company Limited
(Revised version 2021) Dated 1 April 2021


Chapter 1
Personal Data Protection Policy
For Personnel of IRPC Public Company Limited
1.1 Personal Data Collected by the Company
Personal data collected, used or disclosed by the Company shall include the following:
1)
Personal data such as name, last name, name title, gender, date of birth, ID number, passport number, driver’s license, marital status, military status, photo, age, job position, including other sensitive personal data such as face recognition, fingerprint, religion, nationality, health record, criminal record, disability record whereby the Company has been granted your informed consent or when deemed necessary as required by law.
2)
Contact data such as address, telephone number and e-mail
3)
Financial data such as salary, savings account number, other remunerations, credit record, both employees’ loan benefits and/or credit with other financial institutions, settlement, and data relating to assets
4)
Work- related data such as work permit, employment history, performance evaluation, operation, leave of absence record, illness record, data on the use of IT system and internal websites of the Company.
5)
Other personal data such as work experience, education background, training, data of family members, data of the surety (if any), reference data, picture or voice recordings during operation such as CCTV recording, conversation recording while having conversation with customers or external parties etc.
1.2 Sources of Your Personal Data
The Company may collect your personal data as you have directly provided the Company with your personal data or the Company may receive your personal data from other sources.
In a case where the Company has collected personal data by receiving such data directly, the Company has received such personal data from:
1)
Job application procedures by filling in information and providing such information to the Company for consideration on recruitment, registration or filling in job application form to submit to the Company via a specified channel
2)
When you access the Company’s website
In a case where the Company receives your personal data from other sources; for example,
1)
Other persons
2)
Public sources such as data from the internet or social media platform etc.
3)
Other accompanying data, including associated companies, business group or any persons whom the Company has known or referred you to the Company.
4)
Data from the government agency or other related agencies
1.3 Collection, Use or Disclosure of Personal Data Shall be Performed within the Specified Criteria as follows:
The Company shall collect, use or disclose your personal data for various objectives within a legal basis as indicated below:
1.3.1
In a case where you are the Company’ s employee or a family member or a reference person to whom the employee has referred
1)
The Company shall collect, use or disclose your personal data under the contract basis for the following objectives:
a)
To proceed with the tasks relating to employment procedures and steps in preparing the employment contract as well as other contracts relating to the employment such as non- disclosure agreements, policy and working regulations etc.
b)
To consider risk factors of employees’ operation, resulting from health check- ups after starting their operation (proceed within 30 days, starting from the first day of operation)
c)
To communicate with employees, performance evaluation
d)
To proceed with remunerations, welfares and benefits for employees as well as to handle matters regarding the physical health of the employees such as health insurance, annual health check-up, employees’ compensation etc.
e)
To consider vacation leave, personal leave and sick leave
f)
To disclose or submit data to third parties in providing for employees’ welfare such as insurance companies, asset management companies, bank counterparty etc.
g)
To proceed with resignation procedures and steps, termination of employment, compensation, welfare after employment termination
2)
The Company shall collect, use or disclose your personal data under the consent basis to achieve the following objectives:
a)
To check for criminal record
b)
To check for physical health and to collect health data
c)
To disclose personal data, including health data and medical record to the insurance company and the Company Group or the associated companies of the insurance company, including other external parties to achieve the Company’s established objectives relating to the insurance policy
3)
In addition, the Company has collected, used or disclosed your personal data under its legal obligation or for the necessity to constitute a legal claim, compliance or exercising of legal rights or defense of legal rights, such as maintaining employees leave record from a medical certificate or evaluating employees potential etc. Additionally, to disclose or report data to the government agency as stipulated by law such as Social Security Office, Revenue Department, Health Office, Natural Resources and Environmental Policy and Planning etc., including upon receipt of the court’ s order, court’s summons, or government’s notice to act according to legal authority of such agency.
4)
The Company shall collect, use or disclose your personal data within legal basis for the following objectives:
a)
For potential development of personnel and training/ seminar/ work- related visit, knowledge endorsement in various fields for employees
b)
For risk management and governance on personnel management such as an analysis of the number of employees, effectiveness evaluation of the organization, including information disclosure to the contractor or consultant in the demographic survey etc.
c)
For risk management, monitoring, audit and human resources management
d)
For the prevention and review of various activities such as embezzlement, money laundering, criminal acts or any other illegal acts, including disclosure of personal data to major shareholders for internal audit and prevention of any misconducts or illegal acts
e)
For an audits performed by major shareholders or other relevant agencies, investigations or examinations or for the constitution or exercising of legal claims or to use as an evidence in any legal proceedings
f)
For the safety of building areas and facilities, including an exchange of access card before entering the Company’s premises and CCTV recording.
1.3.2
In a case where you are the director or senior executive of the Company
1)
The Company shall collect, use or disclose your personal data under contract basis for the objectives to contact, handle or carry out activities in accordance with the duties as the director and senior executive such as meeting, consideration on remuneration etc.
2)
The Company shall collect, use or disclose your personal data under the consent basis for the objectives to collect health data and religious data, including sensitive personal data appeared on the ID card or passport for identity authentication or for business operation of the Company.
3)
The Company shall collect, use or disclose your personal data under legal obligation basis as follows:
a)
For compliance with legal rights and duties as the Company’ s director or executive
b)
For the necessity to report to the agencies as prescribed by law such as the Securities and Exchange Commission Office and the Stock Exchange of Thailand etc.
c)
For the necessity to constitute legal claim, to audit and to review facts in order to prevent corrupt behavior in exercising the right or to perform respective duties as stipulated by law
d)
For the necessity to constitute legal claim, legal compliance or legal claim or as a defense of a legal claim
e)
Upon receiving an order, a Court’s summons or government notice to carry out any acts according to legal authority of such agency such as to compliment the submission of your inventory (if any) etc.
4)
The Company shall collect, use or disclose your personal data under legitimate interest basis to achieve the following objectives:
a)
For the objectives of audit and identity authentication to perform respective duties according to the position or assigned authority
b)
For business understanding and administration of the Company, including the study visits as deemed necessary
c)
For risk management, monitoring and audit
d)
For prevention and review of various acts which are considered embezzlement, money laundering, criminal acts or any other illegal acts
e)
For an audits performed by major shareholders or other related agencies, investigation, examination or for the constitution or exercising of legal claim or to use as an evidence in any legal proceedings
f)
For the safety of building areas or facilities, including an exchange of access card before entering the Company’s premises and CCTV recording
1.4 Disclosure of Personal Data
The Company may disclose your personal data to associated companies in the Company Group or other external parties to achieve the following objectives as set forth in this policy.
The Company may be required to disclose your personal data to a government agency or any other agencies as stipulated by law such as the Revenue Department, Social Security Office, Health Provincial Office, Securities and Exchange Commission Office, Stock Exchange of Thailand etc. Additionally, the Company may disclose personal data according to the order of the government agency or any other regulatory bodies as well as to submit your personal data to the National Credit Bureau for audit and may employ an audit result to prevent fraudulent or corrupt behavior.
The Company may be required to disclose your personal data to relevant external parties to proceed with an audit, inspection, assessment, request for legal advice, legal proceeding or any other proceedings necessary for the Company’s business operation
1.5 Retention of Personal Data, Retention Period and Safety Measures
The Company shall maintain your personal data as long as it deemed necessary according to the objectives specified in this personal data protection policy. Additionally, the Company shall take into consideration the suitable retention period based primarily on the duration of employment contract, term of office and statute of limitations. Nonetheless, the Company may continue to maintain your personal data for the period specified in order to comply with relevant law or to constitute or exercise legal claim or to conform to the statute of limitations.
The Company shall maintain personal data in a form of a document and/or in a computer system or electronic system as well as establish appropriate safety measures of personal data to prevent any losses, accesses, uses, changes, rectifications or disclosures of personal data improperly or without legitimate authority. Nonetheless, the Company has restricted the access and use of technology to maintain safety of your personal data to prevent an unauthorized access of the computer system. In a case that your personal data has been disclosed to any external parties processing data or the data processor, the Company shall supervise such person to ensure that he/she acts in accordance with the Company’s order.
The Company shall delete or destroy personal data upon termination of the retention period of such personal data.