Use and Management of cookies
We use cookies and other similar technologies on our website to enhance your browsing experience. For more information, please visit our
Cookies Policy.
SCB Tech X Co., Ltd. (the “Company”) or (“We”) or (“Our”) or (“Us”), care about the privacy of our employees, workers, service providers and contractors (“You”) or (“Your”). Thus, we provide this Privacy Notice under the Personal Data Protection Act B.E. 2562 (“PDPA”) to inform YYou of the methods, objectives and details of the personal data that we collect, store, use and/or disclose; duration of data collection; disclosure of personal data; Your rights as the owner of personal data; and the keeping of privacy and security of personal data and how You can contact us.
This Privacy Notice applies to the following natural persons:
(1) Our employees or workers pursuant to employment agreements;
(2) Our service providers and contractors, including their employees or staff under the agreements with Us (e.g. service agreement, hire of work agreement, agency contract) including its employee or staff;
(3) Job applicants, whether they are applying directly with Us, or through agency or other entities;
(4) Former employees, of whom We need to retain or use their personal data as required by laws;
(5) Parents, descendants, relatives, spouses or beneficiaries of employees;
(6) Guarantors of employees, staff, service providers or contractors under the employment agreements, service agreements, hire of work agreements, agency contracts or other similar agreements with Us;
(7) Speakers and lecturers for training courses organized by Us;
(8) Trainees or participants in projects or activities organized or participated by Us;
(9) Directors, advisors, or authorized persons of Us;
(10) Employees of companies in SCBX Group;
(11) Reference persons in job applications or other contracts made with Us;
(12) Our student trainees, scholarship students including their guarantors or other relevant persons; and
(13) Any natural person entering into contract or participating in any activity (whether directly or indirectly) with Is for the purposes stated in this Privacy Notice.
1. How We collect, use and/or disclose Your personal data
We will only collect, use and/or disclose Your personal data when it is necessary, or where there is a lawful basis to do so. This includes where We collect, use and/or disclose Your personal data based on (a) legal obligations, (b) performance of contract, (c) legitimate interests, (d) consent and/or (e) other lawful bases for the following purposes:
1.1 Our Legal obligations
As We are subject to supervision and regulations and must comply with appliable laws and regulations, it is necessary for Us to collect, use and/or disclose Your personal data for various reasons as required by the following laws and governmental regulations:
(1) PDPDA;
(2) the Civil and Commercial Code, Labour Protection Act, Labour Relations Act including other relevant labour laws;
(3) the Social Security Act, Provident Fund Act, Workmen Compensation Act, or other laws relating to the provision of welfare for employees or workers;
(4) the Empowerment of Persons with Disabilities Act, Skill Development Promotion Act and/or other relevant laws;
(5) the Revenue Code or other tax laws;
(6) the Orders and regulations issued by government authorities, such as court orders, orders from governmental or supervisory agencies, or regulatory authorities;
(7) the Anti-money laundering and suppression of terrorism funding (AML/CFT) laws;
(8) Checking of background, assets or securities holding of employees as required by laws, including reports made to relevant regulatory or governmental authorities; and
(9) Checking and verifying of background or qualifications for the appointment of executives or other key positions as required by rules and regulations issued by relevant regulatory authorities or other relevant laws.
1.2 Performance of contract made between You and the Us
We will collect, use and/or disclose Your personal data in accordance with application documents, agreements or contracts made between You and Us and for the purposes stated therein, as follows:
(1) Job application, recruitment, interview, questionnaire, performance assessment of the candidate;
(2) Employment, negotiation, employment approval, preparation, modification, change, renewal or any other actions with respect to employment agreements and/or agency agreements, including change of working conditions;
(3) Preparation of employee profile registration, book-keeping of employee profile registration on Our’s system, including to create, delete, edit employees’ personal data and grant or revoke the rights of the employee;
(4) Preparation of payroll and calculation of wages, salaries or compensations to be paid Us to You, including making payments or setting aside workers compensation reserves;
(5) Arrangement for welfare, benefits, payments, loans, credits and reimbursements concerning welfare programs granted by Us to employees;
(6) Arrangement, change, or cancellation of health insurance, life insurance, accidental insurance or other types of insurances;
(7) Grant, permission or alteration, deletion and control of the rights to access or use Our assets or systems;
(8) Arrangement and provision of office equipment and supplies for employees g. name cards, signs, computers distribution and employee cards, including arrangement for returning of the same upon employment termination;
(9) Review and assessment for the appointment of executives or other key positions;
(10) Compliances with the employment agreement work rules, regulations and orders of Us;
(11) Record and management of data concerning leaves of employees; entitlement;
(12) Performance review and job assessment;
(13) Grant of scholarships and internship;
(14) Arrangements relating to termination or expiration of the employment agreement between Us and employee, including retirement;
(15) Organisation of activities by internal and external personnel;
(16) Arrangement in relation to any internal and external trainings, projects or employees’ capacity development programs, including issuance of training certificates;
(17) Communications and announcements to employees related to the performance of contract via any communication channels;
(18) Preparation of Power of Attorney; and
(19) Preparation of salary certificate, income statement, work certificate, or other certificates concerning employment, agency or other types of service agreements.
1.3 Legitimate interests
We rely on the legitimate interests by balancing the nature of Your personal data that We collect, use and/or disclose with the normal reasonable expectations and provide safeguards to reduce any negative impacts on Your fundamental rights and freedoms. This may include processing Your personal data to:
(1) Use personal data of non-applicants during the process of recruitment, interview and assessment of applicants, including to store the personal data of the beneficiaries of employees;
(2) Perform duties under a contract between Us and another person, where Your personal data is necessary but You are not a contractual party;
(3) Record and keep personal data on Our internal storage system;
(4) Enhance staff knowledge and capabilities, including relevant management and planning for corporate structuring projects;
(5) Pursue safety and business continuity measures including perform Our internal risk management function, and report incidents resulting from Our operations;
(6) Conduct employee background check;
(7) Perform Our accounting, financial, or other internal management operations;
(8) Undertake measures and actions towards surveillance, prevention, investigation, complaint handling, investigation of suspicious behaviors, or fraudulent behaviors, money laundering, and terrorism misconduct, including actions to prevent such incidents;
(9) Undertake and record of disciplinary action, make criminal report, give statements or information to the police, competence officer, court and other competent authorities;
(10) Take action relating to disputes, dispute resolution including establish, exercise, or defend the legal claim;
(11) Provide employment information, disclose employee status to third parties, such as companies in SCBX Group ;
(12) Prepare reports for Our internal departments including questionnaires, collecting, and analysing various data to support the work within the organization;
(13) Make travel and accommodations or other facilities arrangements for employees, such as ticket and hotel reservations, meals;
(14) Communicate with and make an announcement to employees via any channels; and
(15) Membership process for cooperatives
1.4 Consent
Normally, We will not collect, use and/or disclose Your personal data if We do not have any lawful bases to do so. However, if necessary, We will ask for Your consent to collect, use and/or disclose Your personal data for Your benefits the following purposes:
(1) Collect, use and disclose Your sensitive personal data for authentication, criminal background check or welfare and health benefits;
(2) Send or transfer Your personal data to a country of destination with inferior data protection standards; and
(3) When the data subject is classified as a minor, quasi-incompetent or incompetent whose consent must be given by their parent, guardian or curator (as the case may be).
1.5 Other lawful bases
Apart from the above lawful bases, other lawful bases that We may rely on the following bases when collecting, using or disclosing Your personal:
(1) Prepare historical documents or archives for the public interest, or purposes relating to research or statistics (Archives/Research/Statistic);
(2) Believe that the use of Your personal data is of vital interest or to prevent or suppress a danger to a person’s life, body or health (Vital Interest); and/or
(3) Believe that the use of Your personal data is necessary to carry out a public task, or exercise official authority (Public Task).
2. What personal data We collects
The personal data that We collect may vary depending on the objectives and necessities and may include both general and sensitive personal data.
Your personal data that We collect, use and/or disclose are as follows:
| Category | Examples of personal data |
|---|---|
| Personal details |
|
| Contact details |
|
| Identification and authentication details |
|
| Employment details |
|
| Welfares and benefits | Information relating to:
|
| Geographic information and information relating to Your devices and software |
|
| Investigation data |
|
| User login and subscription data |
|
| Information concerning security and information required to support our regulatory obligations |
|
| Sensitive personal data |
|
| Other information |
|
3. Sources of Your personal data
Normally, We will collect Your personal data directly from You. We sometimes may get it from other sources, in which case We will ensure that our sources of Your personal data comply with the PDPA.
Personal data that We collect from other sources may include:
(1) Information You have asked Us to collect for You, e.g. information about Your accounts or property holdings with other companies including transactional information;
(2) Information of any persons relevant to You (e.g. Your family, relatives, job or scholarship guarantor) that is necessary for Us to proceed with the relevant employment, benefits and welfare purposes;
(3) Information from third-party service providers and/or governmental authorities, e.g. information that helps us to combat fraud or information related to Your social interactions (including Your communications on social media, with individuals, organisations, clearing houses, custodians and any other stakeholders, obtained from the companies from which information is collected);
(4) Information from our trusted business partners or other third parties involved in Your transactions;
(5) If information arises out of Your insurance policy or claims thereunder, We may also collect:
(a) Information about Your medical records obtained through an agreement or with Your consent;
(b) Information about Your insurance claims history;
(c) Information from other parties involved in Your insurance policy or claim; or
(d) Information from publicly available sources;
(6) Information from CCTV and surveillance devices; or
(7) Information from companies in SCBX Group , relating to Your work or engagement
Other than the above-mentioned information, We may collect personal data of the following third parties from You:
By providing the personal data of the above-mentioned parties, You have the obligation to inform the data subjects of the details of the collection, use and/or disclosure to Us.
4. Your rights
PDPA aims to give You more control of Your personal data. You have legal rights concerning Your personal data. These rights include:
4.1 Right to access and obtain copy of Your personal data
You have the right to access and obtain Your personal data held by Us, except in the case where We are entitled to reject Your request under the law or a court order, or where Your request may affect the rights and freedoms of other persons.
4.2 Right to rectify Your personal data
You have the right to rectify Your personal data to be up-to-date, complete, accurate. at any time.
4.3 Right to erase Your personal data
You have the right to request Us to delete, destroy or anonymise Your personal data, except in the case where We have the legal grounds to deny Your request.
4.4 Right to restrict Your personal data
You have the right to request Us to restrict the processing of Your personal data under certain circumstances, for example when Your personal data is pending examination process to rectify Your personal data, or when it is no longer necessary for Us to retain the personal data.
4.5 Right to object the processing of Your personal data
You have the right to object to the processing of Your personal data, except in the case where We have compelling legitimate grounds which may override Your own interests, or when the processing of Your personal data is carried out to comply with, exercise or defend legal claims, or if such personal data processing is necessary for the performance of a task carried out under public interests.
4.6 Right to data portability Your personal data
You have the right to request Us to transfer Your personal data to any third parties, or request to obtain Your personal data that We have transferred to any third parties provided that it is technically feasible.
4.7 Right to withdraw consent
You have the right to withdraw Your consent given to Us at any time according to steps and procedures prescribed by Us, except where such consent, by its nature, is non-withdrawable Nevertheless, the withdrawal of Your consent shall not affect the collection, use and/or disclosure of Your personal data to which You already consented prior to the said consent withdrawal.
4.8 Right to lodge a complaint
You have the right to make a complaint with the Personal Data Protection Committee or their office to receive a fair remedial action.
5. How We share Your personal data
We may disclose Your personal data to the following third parties or organisations under the rules prescribed by the PDPA:
(1) Companies in SCBX Group, business partners and/or other persons that We have legal relationship with, including directors, management, employees, workers, contractors, authorised persons and consultants of such persons.
(2) Our customers or service receivers, where the disclosure is necessary for You to perform Your duties or it has other lawful bases to do so.
(3) Business partners, agents, third party service providers and other entities (e.g. external auditors, depositories, document warehouses providers, IT service providers), provided that the disclosure of Your personal data must have a specific purpose, and is made on lawful basis, as well as is subject to appropriate security measures.
(4) Any relevant persons as a result of activities relating to sales claims and/or assets, corporate restructuring or merger of Us where We may transfer their rights to such merged entity including any persons with whom We are required to share data for a proposed sale claims and/or assets, corporate restructuring, merger, financial arrangement, asset disposal or other transaction relating to Our business and/or assets used in its business operation.
(5) Legal counsel, attorneys, fraud prevention agencies, courts or governmental authorities or any person with whom We are required or permitted by law and other relevant regulations, court orders or other authorities, to disclose the personal data.
(6) Third-party guarantors or other persons that provide benefits or services to You (such as insurance company relevant to work, products or services.
(7) Your attorney-in-fact, legal representatives, sub-attorneys, or any other authorised persons or representatives legally empowered or entitled to use Your account.
(8) Governmental agencies, state enterprises, state agencies relating to the disclosure of Your personal data in accordance with the law and/or regulatory authority (e.g. the Department of Labour, Legal Execution Department, Education Loan Fund, the Bank of Thailand, The Securities and Exchange Commission, the Office of the Insurance Commission, the Ministry of Digital Economy and Society).
6. International transfer of personal data
In the case where it is necessary for Us to transfer Your personal data internationally, We will use its best efforts to send or transfer Your personal data to reliable business partners, service providers or recipients of Usin the safest way to keep Your personal data secure.
(1) it is required by law;
(2) We have informed You of the inadequate personal data protection standards of the destination country and has obtained Your consent;
(3) it is necessary for the performance of a contract to which You are a party or in accordance with application/request prior to execution of contract;
(4) it is necessary to comply with a contract between Us and other individual or juristic parties, for Your own interest;
(5) it is for a vital interest or it is to prevent or suppress a danger to a person’s life, body or health and You’re incapable of giving consent at such time; or
(6) We need to carry out activities relating to the public interest.
7. Retention period of personal data
We will keep Your personal data for as long as You still have the relationship with Us as our employee, service provider, contractor under the employment agreement, service agreement, hire of work agreement, agency contract, or other agreements of the same kind that You have entered into with Us. We will only keep Your personal data for a period of time that is appropriate for the type of personal data and the purpose We hold it for in accordance with the PDPA.
The period of time that We retains Your personal data is corresponding to the prescription period and law enforcement period under the laws. However, We may retain Your personal data after the expiration of such period if We are obligated to do so under the laws, or if any existing claims or complaints will reasonably require Us to keep Your personal data, or for regulatory or technical reasons, whereby if We are required to keep Your personal information for a longer period of time, We will continue to keep Your personal data secure.
Apart from this, We may need to retain CCTV surveillance in our offices, to prevent fraud and for security reason of our customers or related persons who visit or inform us.
8. Cookies
We may collect cookies and similar technologies when You use our systems, products and/or services, including when You use our websites for the operations and Our services, electronic systems, to make transactions through Our internet banking and applications .
The collection of cookies and similar technologies helps Us to recognise You and Your preferences, and customise our services to Your needs. We may use cookies for a number of purposes, such as improving Your online experience, as well as our understandings of how You interact with our e-mails, and allowing us to improve our communications with You, particularly, to ensure that online adverts displayed to You will be more relevant to You and of Your interests.
9. Use of personal data according to the original purposes
We have the right to collect and use Your personal information that We have collected before the enforcement of the PDPA if the collection and use are for the original purposes. If You do not wish Us to collect and use such personal data, please inform Us to withdraw Your consent at any time.
10. Security
We have implemented different measures to ensure that Your personal data is secure, such as data encryption, and also requires our staff and third-party contractors to follow our applicable privacy standards and policies and exercise due care and implement appropriate security measures when processing personal data.
11. How to contact us
If You have any questions about the Privacy Notice of Us or would like to exercise Your rights, please contact Us at HR@scbtechx.io
In addition You may contact our Data Protection Officer at tx.dpo@scbtechx.io or our head office SCB TechX Co., Ltd. located at SCB Park Plaza West B, Floor 21st, no. 19, Ratchadapisek Road, Chatuchak, Chatuchak, Bangkok 10900.
12. Changes to this Privacy Notice
We may change or update this Privacy Notice from time to time by notification or announcement of the revised Privacy Notice on our website.
Version July 2023
If you want to message us, please give your consent to SCB TechX to collect, use, and/or disclose your personal data.
