PERSONAL DATA PROTECTION POLICY
Eastern Technical Engineering Public Limited Company Group (hereinafter will be collectively referred to as “the Company”) respects the privacy rights and places importance on protection of Personal Data which is relevant to or has transaction with the Company to ensure you that your Personal Data obtained by the Company will be used pursuant to the specified objectives and in compliance with the law. Thus, the Company has established this Personal Data Protection Policy in order to have clear and appropriated criteria, mechanism, and measures on supervision and management of Personal Data, with details as follows:
1. Scope of Enforcement and Application
This Policy is applied with Personal Data of the persons who have relationship with Eastern Technical Engineering Public Limited Company Group including its present and future subsidiaries and affiliated companies, which mean the permanent employees, the fixed-term contract employees, the temporary employees, the trade partners and service providers who are natural persons, the customers who are natural persons, the shareholders including the counterparty or the third party who processes the Personal Data for or on behalf of the Company.
2.1 “Group of Companies” means Eastern Technical Engineering Public Limited Company, ETE Management Company Limited, SYN 168 Company Limited, Glow Trading and Service Company Limited and Energy For All Company Limited and including the affiliated companies.
2.2 “Personal Data” means any information relating to a person, which enables the identification of such person, whether directly or indirectly, but not including the information of a deceased person in particular.
1) Specific information of a person, information to identify name or information from identifiable government documents, such as, prefix, name, last name, middle name, nickname, signature, national identification number, nationality, driving license number, passport number, house registration information, business operation number, professional license number (for each profession), insured person identification number, social security number, and etc.
2) Information detailing about the identity, such as, date of birth, gender, height, weight, age, marital status, military service status, picture, spoken language, preference behavior, information on incompetent or quasi-incompetent person, and etc.
3) Contact information, information for contact purpose, such as, home telephone, mobile phone number, facsimile number, email address, postal home address, online social username (Line ID, MS Teams), location map of residence, and etc.
4) Information relevant to work and education, details on employment including working history and educational background, such as, type of employment, profession, duty, expertise, work permit status, information of referenced person, tax payer identification number, position holding history, working history, salary information, commencement date of employment, resignation date, appraisal result, welfare and benefit, bank account number, education institute, education certificate, education transcript, graduation date and etc.
5) Information relevant to the use of the Company’s system, details on the use of the Company’s system, such as, account username, password, computer traffic information, information identifying coordinate, picture, video, sound recording, usage behavior information (website under the Company’s supervision, such as www.eastern-groups.com or applications of the Company), retrieval history, cookies or similar technologies, and etc.
2.3 “Sensitive Personal Data” means genuinely personal information of a person but it is sensitive and may be at risk for unfair discrimination, such as race, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health information, disability, labor union information, genetic data, biological data, or any other data which may affect the Data Subject in a similar manner, as stipulated in the Personal Data Protection Committee’s announcements.
2.4 “Processing” means the operation relevant to collection, use, disclosure, erasure or destroy of Personal Data.
2.5 Data Subject” means a natural person who owns the Personal Data whose Personal Data can enable the identification of such person, whether directly or indirectly.
2.6 “Data Controller” means a natural person or a juristic person having the power and duties to make decisions regarding the collection, use or disclosure of the Personal Data.
2.7 “Data Processor” means a natural person or a juristic person who operates in relation to the collection, use or disclosure of the Personal Data in accordance with the orders given by or on behalf of the Company whereby such person or juristic person is not the Data Controller.
3. Source of Personal Data Collected by the Company
The Company may collect or acquire Personal Data from the following sources:
3.1 Personal Data that the Company collected directly from the Data Subject through various service provision channels, such as, job application form, service provision by the Company, the entering into the contract, document or other service channels supervised by the Company or when the Data Subject communicates with the Company at the office or via other communication channels supervised by the Company, and etc.
3.2 Information that the Company collected though cookies while the Data Subjects accessible to the Company’s website.
4. Purposes and Legal Bases on Collecting and Possessing of Personal Data
4.1 The Company will collect the Personal Data with objectives, scope and use pursuant to the legally means by taking into consideration the privacy of the Data Subject. The Personal Data must be solely collected to the extent where it is necessary to achieve the objectives as specified by the Company.
4.2 The Company will arrange to make the Data Subjects acknowledge, and provide consent via electronic means or other means specified by the Company. In case of collection of Sensitive Personal Data of the Data Subject, the Company will explicitly request consent from the Data Subject first before collection and compilation, except where the collection of Personal Data and Sensitive Personal Data have been exempted by the Personal Data Protection Act B.E. 2562 (2019) or other laws.
The collection or use of Personal Data of the Data Subject will be necessary for beneficial operations for management within the Company or for improvement of quality on operations for better efficiency and/or for compliance with the laws or regulations relevant to the Company’s operations. The Company will use Personal Data in accordance with the relevant laws for improvement of the services for better efficiency and will collect and use such data as per necessary retention period for objectives notified to the Data Subjects or as per specified by the law only. The processing under the Personal Data Processing Basis in accordance with the Personal Data Protection Act B.E. 2562 (2019) comprising of Contract Basis, Legitimate Interest Basis, Legal Obligation Basis, and Consent Basis.
In addition, the Company will not carry out any other undertaking which will be different from the objectives specified in relation to the collection, unless
(1) New objective has been notified to the Data Subject and the consent has been given by the Data Subject.
(2) It is for compliance with the Personal Data Protection Act or other applicable laws.
5. Disclosure of Personal Data
5.1 The Company will not disclose the Personal Data of the Data Subject to any other person without receiving the consent and it will be solely disclosed as per the specified objectives.
5.2 The Company may be necessary to disclose Personal Data of the Data Subjects to its subsidiaries or other persons for benefit on operations of the Company and for provision of services to the Data Subject. With regards to disclosure of the Personal Data to those persons, the Company will arrange the suitable measures to make those persons keep confidence of Personal Data and will not use it for other purposes apart from the scopes specified by the Company.
5.3 The Company may disclose the Personal Data of the Data Subject pursuant to the criteria specified by the law and the counterparty who operates the works relevant to welfare of the Company’s personnel, such as, disclosure of Personal Data to the government agency, the agency of the public sector, the regulatory agency including in case of disclosure by virtue of the law.
6. Personal Data Security Measures
6.1 The Company has established the appropriate Personal Data security measures by restricting the accessible rights to the Personal Data whereby the Personal Data will be solely accessible by the specific employees or the authorized or assigned personnel who are necessary to use such data pursuant to the objectives notified to the Data Subject. In addition, Personal Data of the Company’s employees and other relevant persons have been prevented from unauthorized access or modification which are in line with the law, policy, rule, regulation, and practice on protection of Personal Data.
6.2 The Company supports and encourages the employees to have knowledge and realize about their duties and responsibilities on collection, use and disclosure of Personal Data of the Data Subject so that the Company will be able to comply with the policy and the laws on personal data protection correctly and effectively.
7. Rights of the Data Subject
7.1 Right to access to and obtain copy of Personal Data, or right to ask for disclosure on acquisition of Personal Data for which consent has not been given (Right to Access).
7.2 Right to object the collection, use, or disclosure of Personal Data (Right to Object).
7.3 Right to request to erase or destroy, or anonymize Personal Data to become anonymous data which cannot identify the Data Subject (Right to Erasure).
7.4 Right to request to restrict the use of Personal Data (Right to Restriction of Processing).
7.5 Right to withdraw consent for processing Personal Data which has already given consent (Right to Withdraw Consent). However, the withdrawal of consent will not affect the collection, use, or disclosure of Personal Data that the Data Subject has already given consent.
7.6 Right to rectify the incorrect or incomplete Personal Data (Right to Rectification).
7.7 Right to transfer Personal Data (Right to Data Portability)
8. Review and Amendment of the Personal Data Protection Policy
The Company will update or amend this Policy at least once a year, to make it conform to the requirements of the laws, the changes on operations of the Company, including the suggestions and opinions of the agencies. The Company will explicitly announce any amendment for acknowledgement.
9. Contact Channels
Data Protection Officer (DPO)
Tel. No. 063 956 9780
Address: Eastern Technical Engineering Public Company Limited
Bangkok Office, Located at No. 88, Soi Yothin Pattana 3,Khlongchan Sub-district,
Bangkapi District, Bangkok 10240 Tel. No. 02 158 2000 Fax. No. 02 158 6148
This policy has been approved by resolution of the Company’s Board of Directors Meeting
No. 4/2022 on August 10, 2022
Mr. Raivin Lekavorranan
Chief Executive Officer
Eastern Technical Engineering Public Company Limited