Your personal data, including the data of related persons of the juristic person, which is subject to the Process are:
         (i) Personal Information, e.g., name, address, mobile number, email, photo, copy of ID card, ID card number, copy of passport, passport number, age, career, Facebook account, Line account;
         (ii) Information related to your purchase of products or services, e.g., purchase history, claim history, complaints, including the information you gave consented for research, suggestion, or interview;
         (iii) Financial information, e.g., bank account number or other related financial information, taxpayer identification number;
         (iv) Information relating to your transaction, e.g., signature, information on the ID card, copy of ID card or passport, copy of census registration, copy of driver’s license, copy of vehicle registration, copy of the power of attorney, invoice, receipt, payment voucher;
         (v) Technical information, e.g., Log file, IP address, geography information, real-time location data, browser, website history, website usage, log-in Log, transaction log, access time, search history, access history, social media usage, information received from Cookie or other relevance technologies; and
         (vi) Record of image, photo, video, and audio recorded by CCTV or any other information that may identify the data subject.

In the event that we obtain Sensitive Personal Data such as race, religion, health information, disability information and such Sensitive Personal Data is not necessary for the operation of the Company, you may conceal such Sensitive Personal Data before submitting the information to the Company or we reserve our right to conceal such Sensitive Personal Data on the received documents. which will be deemed the Company has not collected such Sensitive Personal Data from you. Please be notified that the company has no policy to store your Sensitive Personal Data without your explicit consent or legal basis.

We may collect your Personal Data from:
         (i) Any Operating System (OS), Information System, the Company’s website, email, telephone, fax, business card, letter, online, offline, electronics, or other channels which we directly received from you: and
         (ii) Public website, our partner, our contract party, or our affiliates.

In the event that you visit or access our websites, we may use Cookie to collect your Personal Data in accordance with our Cookie Policy.

We may Process your Personal Data for the following purposes;
         (i) For the purpose of entering into the employment agreement, agreement in relation to the operation under the employment agreement, assignment, transfer of employee and allocation of workforce to other entity (Secondment);
         (ii) For the compliance of the Company’s human resource management regulation, rule and code of conduct;
         (iii) For the evaluation of employee’s performance, promotion and compensation and assessment of healthcare and safety measure;
         (iv) For the purpose of wellness providing e.g., social securities, health insurance, insurance for accident, provident fund, withholding tax, healthcare and others benefit such as nursing station, cafeteria, gym, cooperative, association or related activities;
         (v) For the purpose of transmission or sharing of information, communications and coordination within and outside the organization is critical to the Company's operations;
         (vi) For the purpose of facilitating the activities related to the employee’s religion belief in the workplace and in the event organized by the Company;
         (vii) To verify your eligibility based on criminal record, money laundering, conflict of interest or fraud, tax evasion, use of insider information (Insider Trading) and other financial crime prevention investigations;
         (viii) To contact the person to whom you have provided your contact information, if necessary. or emergencies e.g., notifying a dangerous incident to an employee;
         (ix) For the purpose of health check-up and review of readiness for work to protect the operator for any harm inside the office and premise of the Company, including for the quarantine purpose and risk assessment for the contagious capability of the disease before the entry into the office and premise of the Company;
         (x) For the purpose of internal data analysis and statistic collection and for the processing in relation to structure reorganization of the Company;
         (xi) For the purpose of complying with the laws, regulations and order from the competence entity such as labor law, labor relation law, social securities law, safety, cleanliness and environment of workplace law, regulated occupation law and contagion disease prevention law;
         (xii) To accompany reports to regulatory agencies e.g., the Ministry of Labor;
         (xiii) For the management of access for the information technologies in relation to the responsibility under the employment contract;
         (xiv) To apply for a visa and work permit, and issue visa certificates for foreign applicants to Thailand;
         (xv) The necessity of establishing, complying, and exercising the legal claim or performing any necessary procedures to comply with the applicable laws;
         (xvi) Internal audit and compliance, investigating the complaints or claims to detect and prevent corruption, fraud, and other inappropriate behavior, including wrongful or illegal acts;
         (xvii) For the purpose of maintaining security of the facilities and vicinity, including recording of image or video by CCTV system;
         (xviii) The necessity to protect your vital interests in case you are not able to give the consent or whatsoever including the necessity to perform a task carried out in the public interest, exercise of official authority vested in us, or comply with a legal obligation; and
         (xix) In case of the termination of employment or resignation by employee, the Company have to process the employee’s personal data to cancel the authentication and registration in the internal system of the Company and with the related governmental entity (e.g., Office of Social Securities, Provident Fund), to review for any outstanding liability between the employee and the Company and/or the saving cooperative of the Company and for the internal record of the Company.

We may Process your Personal Data under the following legal basis;
         (i) Contractual Necessity, or to conduct any process or activity in response to your pre-contractual request;
         (ii) Legitimate Interest pursued by us or by a third party, and such interest shall not exceed your fundamental rights in your Personal Data;
         (iii) Legal Obligation in any applicable laws which the Company has to comply with;
         (iv) Consent which the Company received from you for collection, use, and disclosure of your Personal Data; and
         (v) Any other basis which the Company has under any applicable laws.

In case we collect, use, or disclose any of your Sensitive Personal Data under the following legal basis. We shall ensure that:
         (i) We have received your explicit consent in writing from you to collect, use or disclose such Sensitive Personal Data;
         (ii) It is necessary to prevent or protect your vital interests;
         (iii) It is necessary to establish, comply, or exercise our right or legal claim or to perform any necessary procedures to comply with the applicable laws; and
         (iv) It is necessary to comply with the applicable laws, including Personal Data Protection Act.

We may share or disclose your Personal Data to pursue our Propose of Processing your Personal Data under the relevant legal basis. Therefore, we may share or disclose your Personal Data within our Company or our affiliates either inside or outside of the territory, which may have different personal data protection measures from Thailand. The Company shall ensure that the disclosure of your Personal Data shall comply with Thailand Personal Data Protection Act.

Upon receiving your consent, the contractual necessity, the legal obligation, or the legitimate interest, the Company may deliver, transfer, or disclose your Personal Data to the third party either inside or outside of the territory. We ensure to comply with the applicable laws and provide the necessary Personal Data protection measures to the followings:
         a) Person or juristic person which the Company obliged or ordered by the jurisdiction court, state agency, tax authority, regulator, or the law enforcer to disclose such Personal Data;
         b) Consultant, Company’s professional advisor including lawyer, banker, auditor, accountant, insurer, a professional service provider on legal, banking, compliance, accounting, or insurance;
         c) Financial institution or financial service provider, e.g., a Company that provides you an electronic payment service on each transaction;
         d) External service provider, business partner, social media e.g., IT service provider, marketing Company, researching service provider, cloud storage service provider, Facebook or Line etc.; and
         e) External auditor, shall independently perform any assessments and review your data as a part of the Company’s compliance standard.
We may disclose your Personal Data to an external person or juristic person which we may sell or transfer, in whole or in part, our business or asset or vice versa, we may acquire or merge other business. Nevertheless, in the circumstance of the Company’s alteration whether about selling, acquiring, or merging (whatsoever) such alteration may require the use or disclosure of your Personal Data similarly to which stated in this privacy notice.

The security of your Personal Data privacy is the first priority for the Company. We assure you that we implement and use the appropriate security measures on both technical and administration standards to protect your Personal Data and to prevent any possible damages to your Personal Data (e.g., loss, unpermitted access, disclosure, abuse, misuse, modifying, or destruction.) by using an appropriate technology and security measures. We shall ensure that only the permitted person shall have the right to access your Personal Data and that such person has enough knowledge and experience in the Personal Data protection protocol. Such security measures, from time to time, shall be reconsidered, if it deems necessary or the technology transformation occurs, to ensure that decent and appropriate security measures are applied.

We will retain your Personal Data for a necessary period for the purpose we informed you or as described in this privacy notice. In the event that (i) you desire to end your legal relationship or contract with us, (ii) you have no services or transactions with us, or (iii) your Personal Data is no longer necessary for the purpose of Data Processing. Your Personal Data will be retained for the period allowed by the applicable law, prescription, and legal claims. After the retention period ends, we will delete, destroy, or unidentified your Personal Data.

Under the Personal Data Protection Act, your rights as a data subject are the followings;
         (i) Right to withdraw your consent given to us, unless such withdrawal is limited by the applicable law or the contract;
         (ii) Right to access and obtain a copy of your Personal Data under the responsibility of the Company including the right to request the disclosure of the Personal Data acquisition;
         (iii) Right to send or transfer your Personal Data to other Data Controllers;
         (iv) Right to object to the collection, use, or disclosure of your Personal Data;
         (v) Right to delete, destroy, or unidentified your Personal Data;
         (vi) Right to request to restrict the use of your Personal Data;
         (vii) Right to request to edit or modify your Personal Data to be accurate, up-to-date, complete, and not misleading, in the event that your Personal Data retained by us or your Personal Data has been changed; and
         (viii) Right to report or appeal to the authorities if the Company violates or breaches the Personal Data Protection Act.

For your further questions, queries, or requests, please contact our Data Protection Officer below;

Osotspa Public Company Limited.
348 Ramkhamhaeng Rd., Huamak, Bangkapi, Bangkok 10240 Thailand.
Email: [email protected]