Privacy Notice for Employees, Service Providers, Contractors or Participants in activities or projects of The SCB Tech X Co., Ltd.
We, SCB Tech X Co., Ltd. (the “Company”, “we”, “our” or “us”), care about the privacy of our employees, workers, service providers and contractors (“you”). Thus, we provide this Privacy Notice under the Personal Data Protection Act B.E. 2562 (“PDPA”) to inform you of the methods, objectives and details of the data that we collect, store, use or disclose; duration of data collection; disclosure of personal data; your rights as the owner of personal data; and the keeping of privacy and security of personal data and how you can contact us.
This Privacy Notice applies to the following natural persons:
(1) Employees or workers of the Company pursuant to employment agreements;
(2) Service providers and contractors of the Company, including their employees or staff under the agreements with the Company (e.g. service agreement, hire of work agreement, agency contract) including its employee or staff;
(3) Job applicants, whether they are applying directly with the Company, or through agency or other entities;
(4) Former employees, of whom the Company needs to retain or use their personal data as required by laws;
(5) Parents, descendants, relatives, spouses or beneficiaries of employees;
(6) Guarantors of employees, staff, service providers or contractors under the employment agreements, service agreements, hire of work agreements, agency contracts or other similar agreements with the Company;
(7) Speakers and lecturers for training courses organized by the Company;
(8) Trainees or participants in projects or activities organized or participated by the Company;
(9) Directors, advisors, or authorized persons of the Company;
(10) Employees of companies in SCBX Group;
(11) Reference persons in job applications or other contracts made with the Company;
(12) Student trainees, scholarship students of the Company including their guarantors or other relevant persons; and
(13) Any natural person entering into contract or participating in any activity (whether directly or indirectly) with the Company for the purposes stated in this Privacy Notice.
1. How the Company collects, uses and discloses your personal data
The Company will only collect, use or disclose your personal data when it is necessary, or where there is a lawful basis to do so. This includes where the Company collects, uses or discloses your personal data based on (a) legal obligations, (b) performance of contract, (c) legitimate interests, (d) consent and/or (e) other lawful bases for the following purposes:
1.1 Legal obligations of the Company
As the Company is subject to supervision and regulations and must comply with appliable laws and regulations, it is necessary for the Company to collect, use or disclose your personal data for various reasons as required by the following laws and governmental regulations:
(1) the Personal Data Protection Act;
(2) the Civil and Commercial Code, Labour Protection Act, Labour Relations Act including other relevant labour laws;
(3) the Social Security Act, Provident Fund Act, Workmen Compensation Act, or other laws relating to the provision of welfare for employees or workers;
(4) the Empowerment of Persons with Disabilities Act, Skill Development Promotion Act and/or other relevant laws;
(5) the Revenue Code or other tax laws;
(6) the Orders and regulations issued by government authorities, such as court orders, orders from governmental or supervisory agencies, or regulatory authorities;
(7) the Anti-money laundering and suppression of terrorism funding (AML/CFT) laws;
(8) Checking of background, assets or securities holding of employees as required by laws, including reports made to relevant regulatory or governmental authorities; and
(9) Checking and verifying of background or qualifications for the appointment of executives or other key positions as required by rules and regulations issued by relevant regulatory authorities or other relevant laws.
1.2 Performance of contract made between you and the Company
The Company will collect, use and disclose your personal data in accordance with application documents, agreements or contracts made between you and the Company and for the purposes stated therein, as follows:
(1) Job application, recruitment, interview, questionnaire, performance assessment of the candidate;
(2) Employment, negotiation, employment approval, preparation, modification, change, renewal or any other actions with respect to employment agreements and/or agency agreements, including change of working conditions;
(3) Preparation of employee profile registration, book-keeping of employee profile registration on the Company’s system, including to create, delete, edit employees’ personal data and grant or revoke the rights of the employee;
(4) Preparation of payroll and calculation of wages, salaries or compensations to be paid by the Company to you, including making payments or setting aside workers compensation reserves;
(5) Arrangement for welfare, benefits, payments, loans, credits and reimbursements concerning welfare programs granted by the Company to employees;
(6) Arrangement, change, or cancellation of health insurance, life insurance, accidental insurance or other types of insurances;
(7) Grant, permission or alteration, deletion and control of the rights to access or use the Company’s assets or systems;
(8) Arrangement and provision of office equipment and supplies for employees g. name cards, signs, computers distribution and employee cards, including arrangement for returning of the same upon employment termination;
(9) Review and assessment for the appointment of executives or other key positions;
(10) Compliances with the employment agreement work rules, regulations and orders of the Company;
(11) Record and management of data concerning leaves of employees; entitlement;
(12) Performance review and job assessment;
(13) Grant of scholarships and internship;
(14) Arrangements relating to termination or expiration of the employment agreement between the Company and employee, including retirement;
(15) Organisation of activities by internal and external personnel;
(16) Arrangement in relation to any internal and external trainings, projects or employees’ capacity development programs, including issuance of training certificates;
(17) Communications and announcements to employees related to the performance of contract via any communication channels;
(18) Preparation of Power of Attorney; and
(19) Preparation of salary certificate, income statement, work certificate, or other certificates concerning employment, agency or other types of service agreements.
1.3 Legitimate interests of the Company
The Company relies on the legitimate interests by balancing the nature of your personal data that the Company collects, uses and discloses with the normal reasonable expectations and provide safeguards to reduce any negative impacts on your fundamental rights and freedoms. This may include processing your personal data to:
(1) Use personal data of non-applicants during the process of recruitment, interview and assessment of applicants, including to store the personal data of the beneficiaries of employees;
(2) Perform duties under a contract between the Company and another person, where your personal data is necessary but you are not a contractual party;
(3) Record and keep personal data on the Company’s internal storage system;
(4) Enhance staff knowledge and capabilities, including relevant management and planning for corporate structuring projects;
(5) Pursue safety and business continuity measures including perform the Company’s internal risk management function, and report incidents resulting from the Company’s operations;
(6) Conduct employee background check;
(7) Perform the Company’s accounting, financial, or other internal management operations;
(8) Undertake measures and actions towards surveillance, prevention, investigation, complaint handling, investigation of suspicious behaviours, or fraudulent behaviours, money laundering, and terrorism misconduct, including actions to prevent such incidents;
(9) Undertake and record of disciplinary action, make criminal report, give statements or information to the police, competence officer, court and other competent authorities;
(10) Take action relating to disputes, dispute resolution including establish, exercise, or defend the legal claim;
(11) Provide employment information, disclose employee status to third parties, such as companies in SCBX Group ;
(12) Prepare reports for the Company’s internal departments including questionnaires, collecting, and analysing various data to support the work within the organisation;
(13) Make travel and accommodations or other facilities arrangements for employees, such as ticket and hotel reservations, meals;
(14) Communicate with and make announcement to employees via any channels; and
(15) Membership process for cooperatives
Normally, the Company will not collect, use or disclose your personal data if the Company does not have any lawful bases to do so. However, if necessary, the Company will ask for your consent to collect, use or disclose your personal data for your benefits the following purposes:
(1) Collect, use and disclose your sensitive personal data for authentication, criminal background check or welfare and health benefits;
(2) Send or transfer your personal data to a country of destination with inferior data protection standards; and
(3) When the data subject is classified as a minor, quasi-incompetent or incompetent whose consent must be given by their parent, guardian or curator (as the case may be).
Apart from the above lawful bases, other lawful bases that the Company may rely on the following bases when collecting, using or disclosing your personal:
(1) Prepare historical documents or archives for the public interest, or purposes relating to research or statistics;
(2) Believe that the use of your personal data is of vital interest or to prevent or suppress a danger to a person’s life, body or health; or
(3) Believe that the use of your personal data is necessary to carry out a public task, or exercise official authority.
2. What personal data the Company collects
The personal data that the Company collects may vary depending on the objectives and necessities and may include both general and sensitive personal data.
Your personal data that the Company collects, uses and discloses are as follows:
||Examples of personal data
- Given name, middle name, surname, hidden name (if any)
- Gender, date of birth and age
- Marital status
- Educational background
- Work experiences
- Mailing address
- House registration address
- Email address
- Phone number
- Facsimile number
- Social media accounts
|Identification and authentication details
- Photo on ID card, employee card
- ID number
- Passport information
- Driving licence
- Positions and responsibilities
- Salary and reimbursement
- Leaves information
- Performance assessment
- Assessment and other evaluations
- Reimbursement and welfare usage and claims
- Disciplinary actions
|Welfares and benefits
||Information relating to:
- Finance and tax
- Life insurance, health insurance and non-life insurance
- Provident fund
- Loan or debts
- Education of the employee’s child
|Geographic information and information relating to your devices and software
- GPS location
- IP address
- Technical specifications and uniquely identifying data
- Background, anti-money laundering and counter terrorism checks
- Consent and metadata of relevant information exchanges between and among individuals and/or organisations, including emails, voicemail and live chat.
|User login and subscription data
- Login credentials for phone including internet browsing history
|Information concerning security and information required to support our regulatory obligations
- Visual images
- Personal appearance
- Detection of any suspicious and unusual activity
- CCTV images and motion pictures
- Video recordings
|Sensitive personal data
- Health-related informationg. blood type, health examination results
- Biometric information, such as facial recognition, fingerprint, and retina recognition.
- Criminal records
- Records of correspondence and other communications between you and us, in whatever manner and form, including but not limited to phone, email, live chat, instant messages and Social Media communications.
- Information that you provide to us by filling in forms or communicating with us, whether face-to-face, by phone, email, or electronic channels.
3. Sources of your personal data
Normally, the Company will collect your personal data directly from you. The Company sometimes may get it from other sources, in which case the Company will ensure that our sources of your personal data comply with the PDPA.
Personal data that the Company collects from other sources may include:
(1) Information you have asked the Company to collect for you, e.g. information about your accounts or property holdings with other companies including transactional information;
(2) Information of any persons relevant to you (e.g. your family, relatives, job or scholarship guarantor) that is necessary for the Company to proceed with the relevant employment, benefits and welfare purposes;
(3) Information from third-party service providers and/or governmental authorities, e.g. information that helps us to combat fraud or information related to your social interactions (including your communications on social media, with individuals, organisations, clearing houses, custodians and any other stakeholders, obtained from the companies from which information is collected);
(4) Information from our trusted business partners or other third parties involved in your transactions;
(5) If information arises out of your insurance policy or claims thereunder, the Company may also collect:
(a) Information about your medical records obtained through an agreement or with your consent;
(b) Information about your insurance claims history;
(c) Information from other parties involved in your insurance policy or claim; or
(d) Information from publicly available sources;
(6) Information from CCTV and surveillance devices; or
(7) Information from companies in SCBX Group , relating to your work or engagement
Other than the above-mentioned information, the Company may collect personal data of the following third parties from you:
- Emergency contact;
- Guardian, family members or other individuals who have relationship with you;
- Beneficiaries to receive welfares from the Company; or
- Persons who you refer to in the job application or contract with the Company.
By providing the personal data of the above-mentioned parties, you have the obligation to inform the data subjects of the details of the collection, use and disclosure to the Company.
PDPA aims to give you more control of your personal data. You have legal rights concerning your personal data. These rights include:
4.1 Right to access and obtain copy
You have the right to access and obtain your personal data held by the Company, except in the case where the Company is entitled to reject your request under the law or a court order, or where your request may affect the rights and freedoms of other persons.
4.2 Right to rectification
You have the right to rectify your personal data to be up-to-date, complete, accurate. at any time.
You have the right to request the Company to delete, destroy or anonymise your personal data, except in the case where the Company has the legal grounds to deny your request.
You have the right to request the Company to restrict the processing of your personal data under certain circumstances, for example when your personal data is pending examination process to rectify your personal data, or when it is no longer necessary for the Company to retain the personal data.
You have the right to object to the processing of your personal data, except in the case where the Company has compelling legitimate grounds which may override your own interests, or when the processing of your personal data is carried out to comply with, exercise or defend legal claims, or if such personal data processing is necessary for the performance of a task carried out under public interests.
4.6 Right to data portability
You have the right to request that the Company transfer your personal data to any third parties, or request to obtain your personal data that the Company has transferred to any third parties provided that it is technically feasible.
4.7 Right to withdraw consent
You have the right to withdraw your consent given to the Company at any time according to steps and procedures prescribed by the Company, except where such consent, by its nature, is non-withdrawable Nevertheless, the withdrawal of your consent shall not affect the collection, use or disclosure of your personal data to which you already consented prior to the said consent withdrawal.
4.8 Right to lodge a complaint
You have the right to make a complaint with the Personal Data Protection Committee or their office to receive a fair remedial action.
5. How the Company shares your personal data
The Company may disclose your personal data to the following third parties or organisations under the rules prescribed by the PDPA:
(1) Companies in SCBX Group, business partners and/or other persons that the Company has legal relationship with, including directors, management, employees, workers, contractors, authorised persons and consultants of such persons.
(2) The Company’s customers or service receivers, where the disclosure is necessary for you to perform your duties or it has other lawful bases to do so.
(3) Business partners, agents, third party service providers and other entities (e.g. external auditors, depositories, document warehouses providers, IT service providers), provided that the disclosure of your personal data must have a specific purpose, and is made on lawful basis, as well as is subject to appropriate security measures.
(4) Any relevant persons as a result of activities relating to sales claims and/or assets, corporate restructuring or merger of the Company where the Company may transfer their rights to such merged entity including any persons with whom the Company is required to share data for a proposed sale claims and/or assets, corporate restructuring, merger, financial arrangement, asset disposal or other transaction relating to the Company’s business and/or assets used in its business operation.
(5) Legal counsel, attorneys, fraud prevention agencies, courts or governmental authorities or any person with whom the Company is required or permitted by law and other relevant regulations, court orders or other authorities, to disclose the personal data.
(6) Third-party guarantors or other persons that provide benefits or services to you (such as insurance company relevant to work, products or services.
(7) Your attorney-in-fact, legal representatives, sub-attorneys, or any other authorised persons or representatives legally empowered or entitled to use your account.
(8) Governmental agencies, state enterprises, state agencies relating to the disclosure of your personal data in accordance with the law and/or regulatory authority (e.g. the Department of Labour, Legal Execution Department, Education Loan Fund, the Bank of Thailand, The Securities and Exchange Commission, the Office of the Insurance Commission, the Ministry of Digital Economy and Society).
6. International transfer of personal data
In the case where it is necessary for the Company to transfer your personal data internationally, the Company will use its best efforts to send or transfer your personal data to reliable business partners, service providers or recipients of the Company in the safest way to keep your personal data secure.
(1) it is required by law;
(2) the Company has informed you of the inadequate personal data protection standards of the destination country and has obtained your consent;
(3) it is necessary for the performance of a contract to which you are a party or in accordance with application/request prior to execution of contract;
(4) it is necessary to comply with a contract between the Company and other individual or juristic parties, for your own interest;
(5) it is for a vital interest or it is to prevent or suppress a danger to a person’s life, body or health and you’re incapable of giving consent at such time; or
(6) the Company needs to carry out activities relating to the public interest.
7. Retention period of personal data
The Company will keep your personal data for as long as you still have the relationship with the Company as our employee, service provider, contractor under the employment agreement, service agreement, hire of work agreement, agency contract, or other agreements of the same kind that you have entered into with the Company. The Company will only keep your personal data for a period of time that is appropriate for the type of personal data and the purpose the Company holds it for in accordance with the PDPA.
The period of time that the Company retains your personal data is corresponding to the prescription period and law enforcement period under the laws. However, the Company may retain your personal data after the expiration of such period if the Company is obligated to do so under the laws, or if any existing claims or complaints will reasonably require the Company to keep your personal data, or for regulatory or technical reasons, whereby if the Company is required to keep your personal information for a longer period of time, the Company will continue to keep your personal data secure.
Apart from this, the Company may need to retain CCTV surveillance in our offices, to prevent fraud and for security reason of our customers or related persons who visit or inform to the Company.
The Company may collect cookies and similar technologies when you use our systems, products and/or services, including when you use our websites for the operations and the Company’s services, electronic systems, to make transactions through internet banking, applications of the Company.
9. Use of personal data according to the original purposes
The Company has the right to collect and use your personal information that the Company has collected before the enforcement of the PDPA if the collection and use are for the original purposes. If you do not wish the Company to collect and use such personal data, please inform the Company to withdraw your consent at any time.
The Company has implemented different measures to ensure that your personal data is secure, such as data encryption, and also requires our staff and third-party contractors to follow our applicable privacy standards and policies and exercise due care and implement appropriate security measures when processing personal data.
If you have any questions about the Privacy Notice of the Company or would like to exercise your rights, please contact the Company at HR@scbtechx.io
In addition you may contact our Data Protection Officer at firstname.lastname@example.org or our head office SCB TechX Co., Ltd. located at SCB Park Plaza West B, Floor 21st, no. 19, Ratchadapisek Road, Chatuchak, Chatuchak, Bangkok 10900.
12. Changes to this Privacy Notice
The Company may change or update this Privacy Notice from time to time by notification or announcement of the revised Privacy Notice on our website.