Privacy Notice
BCPG Public Company Limited and subsidiaries1 (“Company”) realize the importance of the Personal Data protection and have compliance and management of Personal Data which are consistent with Personal Data Protection law and the related laws. The Company would like to notify you of the Company’s compliance with the Personal Data Protection Act, B.E. 2562 (2019) as follows:
1. Personal Data
1.1 The Characteristics of Personal Data
In this document :
“Personal Data” means any information relating to a Person, which enables the identification of such Person, whether directly or indirectly, but not including the information of the deceased Persons in particular.
“Sensitive Personal Data” means Personal Data pertaining to racial, ethnic origins, political opinions, cult, religious or philosophical beliefs, sexual orientation, criminal records, health data, disability, trade union information, genetic data, biometric data (such as fingerprints or facial recognition data) or of any data which may affect the data subjects in the same manner, as prescribed by the Personal Data Protection Committee
1.2 The Collection of Personal Data
The Company may collect your Personal Data as follows :
1.2.1 Groups or Categories of Persons whom the Company Collects Personal Data
- Employees means persons who work or perform any duties for the Company and receive wages, welfare benefits, or any other compensations from the Company, irrespective of what such compensation is called but not including contractors or service providers which are business partners of the Company.
1.2.2 Categories of Personal Data
-
General Personal Data
(a) Personal information including, among others, name and surname, the date and place of birth, age, gender, weight, height, personal identity number, copy of Personal Identity Card, photo, driving license, copy of Passport, signature, marriage status, military services data, family information, etc.
(b) Contact information including, among others, address, telephone number, e-mail address, emergency contact person details and reference person details, etc.
(c) Information related to electronic systems access and usage such as IP Address, Browser, and cookies or others with similar manner, etc.
(d) Qualification Information on education and training, such as academic and training background (such as institution name, faculty, program, and year of graduation, etc.), academic certificate, transcript, language skills, computer skills, training and test details, and activities participated during the time of study, etc.
(e) Information on job application, such as personal profile, working experience, details in resume/CV, criminal record, position applied, expected salary, interviewed details, evidence or reference documents, and details as appeared in the interview assessment form (such as assessment results, knowledge and experience, personal characteristics, team work, and working potentials), etc.
(f) Information using for Company transaction, such as copy of Personal Identity, power of attorney, agreements, etc.
(g) Information on work and assessment, such as personnel code, position, department, affiliation, chain of command, performance assessment, working behavior, achievement and/or award received, training information, disciplinary action information, details which appear in personnel transfer document of the Company, personnel on loan contract, letter of resignation, and reason for the resignation, etc.
(h) Information on benefit and remuneration, such as salary, wages, reward, bonus, pension details, welfare, bank account number, beneficiary’s details, social security details, provident fund details, tax details, tax deduction details, health benefit details (including for family member) and/or other benefits, Personal Data which appears in medical certificates, annual health reports, maternity leave forms, welfare money lending forms, salary reduction consent letters, receipts, invoices and compensation request forms (for accident and life insurance) etc.
(i) Information on registration statistics, such as starting date, probation end date, working date and time, hours of work, hours of overtime work, annual leave, leave date, leave form, leave details including reasons for such leave, the Company entry and exit record, and usage record of systems of the Company, etc.
(j) Technical information, such as log file, IP Address, and information that the Company collects through the use of Cookies or other similar technologies, etc.
(k) Conflict of Interest Information such as shareholding information, relation between personnel and vendors, etc.
(l) Other information, such as voice recording of conversations, and photo and video recording by means of CCTV, etc.
-
Sensitive Personal Data
such as the Processing of sensitive Personal Data, such as criminal records, health information (such as annual health check report, details of medical treatment issued by doctors), drug examine report, and biometric information.
Disclaimer : The Company would like to inform you that in case its request of your Personal Identification Data such as Identity Card, Passport or others documents which may contain Sensitive Data, such as religion or blood group. The Company have no intention to collect those Sensitive Data. As a result, the Company requests the Data Subject to delete or to hide those data in some ways. Therefore, if you do not proceed with the said data erasure, the Company will reserve the right to act as if it does not obtain such a data.
2. The respect of Personal privacy
The Company respects Data Subjects’ right of their Personal Data and is also aware of the Data Subjects’ intention for the due protection of their Personal Data. Any Personal Data submitted to the Company will be used only for the stated purposes. The Company has strict security measures and a prevention not to let the unauthorized parties from accessing and using your Personal Data.
3. The Collection of Personal Data
In the direct collection, use, and disclosure of your Personal Data, the Company shall solicit your consent should it be legally required and shall use the Personal Data only as necessary and only in accordance with the Company’s specified purposes.
However, the Company may collect your Personal Data from any other sources, such as from various social media, vendor or supplier, but only in necessity and carried out in accordance with legal requirements. The Company may collect your Personal Data by (a) automated means, such as the use of Cookies or other similar technologies (b) third parties, such as group company, third-party website, social media, other business partner, reference person, government agency, persons who may be contacted in case of emergency etc.
4. Purposes for the collection, use and disclosure of Personal Data
The Company collects, uses, and discloses your Personal Data for the following purposes :
- The Processing of Personal Data of personnel is necessary for the performance of the contracts between Company and you which includes your employment contract, preparation of the employment contract, compliance with the employment contract, compliance with the rules and regulations of our personnel management, code of ethics, staff transfer, secondment, training, performance appraisal, consideration of positions, compensation administration, and management of health and safety of our employees.
- The Processing of Personal Data of personnel is necessary for compliance with a legal obligation to which we are subject e.g. labor protection law; labor relations law; social security law; Taxation law; Social security law; provident fund law; Securities and Exchange law; safety, occupational, health, and working environment law; laws regulating occupations and diseases from the environment, contagious disease control law.
- The Processing of Personal Data of personnel is necessary for the purposes of the legitimate interests pursued by Company or by a third party e.g. human resource management; study, analysis, and allocation of manpower; employee development; provision of medical welfare, insurance welfare, and other welfare of staff such as hospitals, employee activities; financial and budget management; internal contact; interaction with third parties; various operations through registration, authorization, and certification; publication of documents; report preparation; sending information to government agencies or regulatory agencies; identification and verification of the information provided by employees; analyzing and creating a database about work history; communication; sending news and public relations; improving the working environment; providing facilities; information security; creating user accounts; identification to access the work system and access to information systems; security; accident and crime prevention; investigation and handling of complaints and fraud; cases or disputes; management of employees after termination or retirement.
- The Processing of Personal Data of personnel is necessary in order to protect vital interests of you or of another person. The Company processes your personal data to, for instance, make contact in case of emergency and control and prevent disease.
- The Processing of Personal Data of personnel is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us
- With your consent, the Company may process your personal data to conduct other activities which the Company might have to collect additional personal data about you in which case the Company will inform and request your new consent from time to time.
Therefore, the Company will collect, use, and disclose your Personal Data only by your consent, (only in case prescribed by law) with the exception of certain cases prescribed by the Personal Data Protection Act, B.E. 2562 (2019): it is necessary to take steps at the request of the Data Subject prior to entering into a contract or for executing the obligation of the contract. Otherwise, it is necessary for legitimate interests of the Company or any other Persons or juristic persons other than the Company, except where such interests are overridden by the fundamental rights of your Personal Data. It is necessary to comply with a law to which the Company is subjected. The Personal Data collected by the Company in relation to the above-mentioned purposes are required in compliance with contractual obligations or in accordance with applicable laws. In case of refusal to provide the required Personal Data, it may be considered as an infringement of relevant laws or may cause the Company not to be able to manage or execute contractual obligations or facilitate services for you.
However, should any modifications to the stated purposes for the collection of Personal Data subsequently occur, the Company will duly inform you as well as fulfill other legal obligations, including the recording as evidence of the amendment of the purposes stated in this Privacy Notice.
5. The Personal Data retention period
The Company will retain your Personal Data only for the necessary duration, and will collect, use and disclose your Personal Data, as defined in this Privacy Notice, in accordance with the duration criteria, namely the period during which you are still related to the Company as a vendor, and may still retain your Personal Data as long as needed for legal compliance or as per legal prescription, for the establishment of legal claims, legal compliance or exercise of legal claims, or defense of legal claims, or for other purposes in accordance with policies and the internal regulations of the Company.
In this regard, the Company will retain your Personal Data for the period not exceeding 10 years, starting from the date your legal relations/transactions with the Company come to an end. However, the Company may retain your Personal Data for a longer period of such time prescribed if the laws permit or such retention of Personal Data is necessary for the establishment of the right of claim of the Company.
After the period of time set forth above has expired, the Company will delete or destroy such Personal Data from the storage or system of the Company and other persons providing services to the Company (if any) or anonymize your Personal Data.
6. Security Measures
The Company has in place adequate and strict security measures, in accordance with Policy and Guidelines on Information Technology of the Company, to prevent Personal Data, loss, access, destruction, use, alteration, correction, and to prohibit unauthorized or unlawful use of Personal Data.
7. Your Rights as a Data Subject
As a Data Subject, you have the rights as prescribed in the Personal Data Protection Act, B.E. 2562 (2019) and other rights as follows :
7.1 Right to withdraw the consent as prescribed by law.
7.2 Right to access to the Personal Data
7.3 Right to request for sending or transferring the Personal Data (Right to data portability)
7.4 Right to object the collection, use, or disclosure of Personal Data
7.5 Right to request the erasure of Personal Data (Right to be forgotten)
7.6 Right to restrict the use of Personal Data
7.7 Right to request for the correction of the Personal Data
7.8 Right to be informed in case of the modification of the Privacy Notice
7.9 Right to complain to authorized officials as prescribed by the Personal Data Protection Act, B.E. 2562 (2019)
In the event that the Data Subject lodges their request to exercise their rights as prescribed by the Personal Data Protection Act, B.E. 2562 (2019), upon reception of such request, the Company will further proceed within the duration of time as prescribed by the Act. However, the Company reserves the right to deny or not to proceed with the request as prescribed by law in case that the Data Subject has chosen to provide to the Company only certain Personal Data which may cause the Company not to be able to provide full services. Moreover, the Company may not be able to collaborate with or to provide services to the Data Subject if they do not consent to the provision of information as required by the Company.
8. The Disclosure of Personal Data to a Third Party
The Company may disclose your Personal Data in accordance with the Purposes and the rules prescribed under the laws to the following entities and persons:
- BCPG Group, both in and outside Thailand, including executives, directors, staff, employees and/or relevant in-house personnel, and as necessary on a need-to-know basis for the Processing of your Personal Data.
- Business partners, service providers, and data processors designated or hired by the Company to perform duties in connection with the management/Processing of Personal Data for the Company in the provision of various services, such as personnel’s physical examinations by business partners, information technological services, data recording services, payment services, health services, insurance services, training services, data analysis services, research services, marketing services, or any other services which may be beneficial to you or relevant to the Company’s business operations.
- Advisors of the Company, such as legal advisors, lawyers, auditors, or any other internal and external experts of the Company, etc.
- Relevant governmental agencies which have supervisory duties under the laws or which have requested the disclosure pursuant to their lawful powers or relevant to the legal process or which were granted permission pursuant to applicable laws, such as the Department of Labour Protection and Welfare, Department of Skill Development, Department of Empowerment of Persons with Disabilities, Social Security Office, Department of Provincial Administration, Department of Business Development, Office of Securities and Exchange Commission, the Stock Exchange of Thailand, Royal Thai Police, Office of the Attorney General, court, and Legal Execution Department, etc.
- Customers, vendors, contracting parties of the Company which you have contacted or are relevant to your duty or position, or any other person in similar manners.
- Any persons or other entities that you have given consent to disclose your Personal Data to, such as the disclosure of processed images of activities through various media platforms of the Company to the general public.
The disclosure of your Personal Data to third parties shall be in accordance with the Purposes or other purposes permitted by law, provided that if the law requires your consent to be provided, the Company will request your prior consent. The Personal Data will be kept confidential, either in paper form or electronic form, including during its transfer
However, in case of an international transfer of Personal Data, the Company will strictly comply with the Personal Data Protection Act, B.E. 2562 (2019).
9. Data Protection Officer
The Company has complied with the Personal Data Protection Act, B.E. 2562 (2019) by appointing a Data Protection Officer (DPO) to review the Company’s collection, usage and disclosure of Personal Data for conformance with the Personal Data Protection Act, B.E. 2562 (2019) including other related laws.
10. Contact channels
Enquires or questions on the Personal Data Protection can be addressed to the following channels :
BCPG Public Company Limited
Address : BCPG Public Company Limited 2098 M Tower Building, 12th Floor, Sukhumvit Road, Phra Khanong Tai, Phra Khanong, Bangkok 10260 Thailand
Tel : 02-335-8999
Data Protection Officer (DPO)
Address : BCPG Public Company Limited 2098 M Tower Building, 12th Floor, Sukhumvit Road, Phra Khanong Tai, Phra Khanong, Bangkok 10260 Thailand
Email : DPOoffice@bcpggroup.com
11. Amendment of the Policy and Guideline on Personal Data Protection
The Company may, from time to time, review this Policy for compliance with the changing guidelines and relevant laws. In case of changes thereto, the Company will provide a public notification through appropriate channels.
Given this day, March 29, 2022
BCPG Public Company Limited and subsidiaries1 (“Company”) realize the importance of the Personal Data protection and have compliance and management of Personal Data which are consistent with Personal Data Protection law and the related laws. The Company would like to notify you of the Company’s compliance with the Personal Data Protection Act, B.E. 2562 (2019) as follows :
1. Personal Data
1.1 The Characteristics of Personal Data
In this document :
“Personal Data” means any information relating to a Person, which enables the identification of such Person, whether directly or indirectly, but not including the information of the deceased Persons in particular.
“Sensitive Personal Data” means Personal Data pertaining to racial, ethnic origins, political opinions, cult, religious or philosophical beliefs, sexual orientation, criminal records, health data, disability, trade union information, genetic data, biometric data (such as fingerprints or facial recognition data) or of any data which may affect the data subjects in the same manner, as prescribed by the Personal Data Protection Committee
1.2 The Collection of Personal Data
The Company may collect your Personal Data as follows :
1.2.1 Groups or Categories of Persons whom the Company Collects Personal Data
- Vendors mean person who provide quotations for products and/or services to be sold to the company or have registered as vendors with the Company or have any other relationships of a similar nature with the Company including Prospective vendors which intend to do the contract and/or have registered as vendor with the Company such as middleman, service providers like Warehouse, Transportation, Specialist, Business Consultant, Lecturer, Business partnership or any other persons having similar characteristics, etc.
- Persons in relation to vendors mean natural persons who are related to or act as representatives of vendors such as directors, employees, representatives or personnel of vendors who are juristic persons, including those whose Personal Data appears in various documents in connection to relevant processes, such as purchasers, receivers and cheque payers, etc.
1.2.2 Categories of Personal Data
-
General Personal Data
(a) Personal information including, among others, name and surname, the date and place of birth, age, gender, personal identity number, photo, signature, nationality, company position and various data identifying person.
(b) Contact information including, among others, address, telephone number, fax number, e-mail, Line id and other information etc.
(c) Business information such as Personal data that appeared in copy of right certificate, commercial condition etc.
(d) Information concerning sale and purchase transaction, such as vendor code, detail of the wishlisted product, the details of product receipt, details of delivery and raw materials, account number, and amount of money, etc.
(e) Information that is used as supporting evidence in the Company’s vendor registration or execution of transactions, such as Personal Data which appears in a copy of national identification card, copy of passport, copy of change of name certificate, copy of house registration, copy of driving license , copy of vehicle registration, car number plate, type of car, copy of title deed, copy of power of attorney, copy of company affidavit, invoice, cheque and cheque stub, payment voucher, copy of professional or business license, etc.
(f) Information related to electronic systems access and usage such as IP address, Browser, and the information that the company collects through the use of cookies or other similar technologies, etc.
(g) Other information, such as voice recording of conversations and photo and video recording by means of CCTV, etc.
-
Sensitive Personal Data
such as biometric data (such as fingerprint, face image data, blood group, etc.) data about your health information, information about criminal records, etc.
Disclaimer : The Company would like to inform you that in case its request of your Personal Identification Data such as Identity Card, Passport or others documents which may contain Sensitive Data, such as religion or blood group. The Company have no intention to collect those Sensitive Data. As a result, the Company requests the Data Subject to delete or to redact those data in some ways. Therefore, if you do not proceed with the said data erasure, the Company will reserve the right to act as if it does not obtain such a data.
2. The respect of Personal privacy
The Company respects Data Subjects’ right of their Personal Data and is also aware of the Data Subjects’ intention for the due protection of their Personal Data. Any Personal Data submitted to the Company will be used only for the stated purposes. The Company has strict security measures and a prevention not to let the unauthorized parties from accessing and using your Personal Data.
3. The Collection of Personal Data
In the direct collection, use, and disclosure of your Personal Data, the Company shall solicit your consent should it be legally required and shall use the Personal Data only as necessary and only in accordance with the Company’s specified purposes.
However, the Company may collect your Personal Data from any other sources, such as from various social media, vendor or supplier, but only in necessity and carried out in accordance with legal requirements. The Company may collect your Personal Data by (a) automated means, such as the use of Cookies or other similar technologies (b) third parties, such as group company, third-party website, social media, other business partner, reference person, government agency, persons who may be contacted in case of emergency etc.
4. Purposes for the collection, use and disclosure of Personal Data
The Company collects, uses, and discloses your Personal Data for the following purposes :
- For the purpose to comply with business partner requisition in contracting process or comply with the vendor contract.
- For the purpose of complying with relevant laws which are applicable to the Company’s business and legitimate orders of government agencies and relevant officials such as taxation laws, Laws on Personal Data Protection, and legitimate orders of government agencies and relevant officer, such as Office of the Personal Data Protection Commission (PDPC office), etc.
- For the purpose legitimate interest such as the processing of personal data is necessary to communicate with vendors or any other persons having similar characteristics, executing and managing of agreement between the Company and any other contractual parties, registering vendor in Company process such as procurement, order to cash, managing relationship between company and business partner, monitoring and evaluating vendor or Persons in relation to vendors performance as identifying in purchase order or any other document, using internal management to execute any actions to operate the business including to provide and develop product and/or services such as questionnaire , interview, monitor, protect and ensure the security of persons and properties of the company or to track properties or claim damages in case where the properties of the company are lost or damaged, including for the establishment, compliance, exercise or defense of legal claims in various stages according to the law, such as, investigation and/or inquiry by government officials, case preparation, prosecution, and/or pursuit of the case in court, etc.
- Preventing or suppressing danger to a person’s life, body, or health basis: The Processing of Personal Data is necessary for the benefit in monitoring, preventing, or suppressing any circumstances which may be dangerous to a person’s life, body, or health.
- For the purpose that the company will notify you and you consent to the company
Therefore, the Company will collect, use, and disclose your Personal Data only by your consent, (only in case prescribed by law) with the exception of certain cases prescribed by the Personal Data Protection Act, B.E. 2562 (2019) for example; it is necessary to take steps at the request of the Data Subject prior to entering into a contract or for executing the obligation of the contract. Otherwise, it is necessary for legitimate interests of the Company or any other Persons or juristic persons other than the Company, except where such interests are overridden by the fundamental rights of your Personal Data. It is necessary to comply with a law to which the Company is subjected. The Personal Data collected by the Company in relation to the above-mentioned purposes are required in compliance with contractual obligations or in accordance with applicable laws. In case of refusal to provide the required Personal Data, it may be considered as an infringement of relevant laws or may cause the Company not to be able to manage or execute contractual obligations or facilitate services for you.
However, should any modifications to the stated purposes for the collection of Personal Data subsequently occur, the Company will duly inform you as well as fulfill other legal obligations, including the recording as evidence of the amendment of the purposes stated in this Privacy Notice.
5. The Personal Data retention period
The Company will retain your Personal Data only for the necessary duration, and will collect, use and disclose your Personal Data, as defined in this Privacy Notice, in accordance with the duration criteria, namely the period during which you are still related to the Company as a vendor, and may still retain your Personal Data as long as needed for legal compliance or as per legal prescription, for the establishment of legal claims, legal compliance or exercise of legal claims, or defense of legal claims, or for other purposes in accordance with policies and the internal regulations of the Company.
In this regard, the Company will retain your Personal Data for the period not exceeding 10 years, starting from the date your legal relations/transactions with the Company come to an end. However, the Company may retain your Personal Data for a longer period of such time prescribed if the laws permit or such retention of Personal Data is necessary for the establishment of the right of claim of the Company.
In Case you have been selected as Personnel of the Company, The Company will continue to collect your personal data for the duration that is necessary to meet the employment according to the Privacy Notice For Process Related to Personnel of Global Green Chemicals Plc.,
6. Security Measures
The Company has in place adequate and strict security measures, in accordance with Policy and Guidelines on Information Technology of the Company, to prevent Personal Data, loss, access, destruction, use, alteration, correction, and to prohibit unauthorized or unlawful use of Personal Data.
7. Your Rights as a Data Subject
7.1 Right to withdraw the consent as prescribed by law.
7.2 Right to access to the Personal Data
7.3 Right to request for sending or transferring the Personal Data (Right to data portability)
7.4 Right to object the collection, use, or disclosure of Personal Data
7.5 Right to request the erasure of Personal Data (Right to be forgotten)
7.6 Right to restrict the use of Personal Data
7.7 Right to request for the correction of the Personal Data
7.8 Right to be informed in case of the modification of the Privacy Notice
7.9 Right to complain to authorized officials as prescribed by the Personal Data Protection Act, B.E. 2562 (2019)
In the event that the Data Subject lodges their request to exercise their rights as prescribed by the Personal Data Protection Act, B.E. 2562 (2019), upon reception of such request, the Company will further proceed within the duration of time as prescribed by the Act. However, the Company reserves the right to deny or not to proceed with the request as prescribed by law in case that the Data Subject has chosen to provide to the Company only certain Personal Data which may cause the Company not to be able to provide full services. Moreover, the Company may not be able to collaborate with or to provide services to the Data Subject if they do not consent to the provision of information as required by the Company.
8. The Disclosure of Personal Data to a Third Party
The Company may disclose your Personal Data in accordance with the Purposes and the rules prescribed under the laws to the following entities and persons:
- BCPG Group, both in and outside Thailand, including executives, directors, staff, employees and/or relevant in-house personnel, and as necessary on a need-to-know basis for the Processing of your Personal Data.
- Business partners, service providers, and data processors designated or hired by the Company to perform duties in connection with the management/ Processing of Personal Data for the Company in the provision of various services, such as Company Agents, Shipping Services, information technological services, data recording services, payment services, IT Services, or any other services which may be beneficial to you or relevant to the Company’s business operation.
- Advisors of the Company, such as legal advisors, lawyers, auditors, or any other internal and external experts of the Company, etc.
- Relevant governmental agencies which have supervisory duties under the laws or which have requested the disclosure pursuant to their lawful powers or relevant to the legal process or which were granted permission pursuant to applicable laws, such as Anti-Money Laundering Office, Revenue Department, Ministry of Commerce, Office of the Personal Data Protection Commission, Office of Trade Competition Commission, Royal Thai Police, Office of the Attorney General, and court, etc.
- Any persons or other entities that you have given consent to disclose your Personal Data to, such as the disclosure of processed images of activities through various media platforms of the Company to the general public.
The disclosure of your Personal Data to third parties shall be in accordance with the Purposes or other purposes permitted by law, provided that if the law requires your consent to be provided, the Company will request your prior consent. The Personal Data will be kept confidential, either in paper form or electronic form, including during its transfer
However, in case of an international transfer of Personal Data, the Company will strictly comply with the Personal Data Protection Act, B.E. 2562 (2019).
9. Data Protection Officer
The Company has complied with the Personal Data Protection Act, B.E. 2562 (2019) by appointing a Data Protection Officer (DPO) to review the Company’s collection, usage and disclosure of Personal Data for conformance with the Personal Data Protection Act, B.E. 2562 (2019) including other related laws.
10. Contact channels
Enquires or questions on the Personal Data Protection can be addressed to the following channels :
BCPG Public Company Limited
Address : BCPG Public Company Limited 2098 M Tower Building, 12th Floor, Sukhumvit Road, Phra Khanong Tai, Phra Khanong, Bangkok 10260 Thailand
Tel : 02-335-8999
Data Protection Officer (DPO)
Address : BCPG Public Company Limited 2098 M Tower Building, 12th Floor, Sukhumvit Road, Phra Khanong Tai, Phra Khanong, Bangkok 10260 Thailand
Email : DPOoffice@bcpggroup.com
11. Amendment of the Policy and Guideline on Personal Data Protection
The Company may, from time to time, review this Policy for compliance with the changing guidelines and relevant laws. In case of changes thereto, the Company will provide a public notification through appropriate channels.
Given this day, March 29, 2022
BCPG Public Company Limited and subsidiaries1 (“Company”) realize the importance of the Personal Data protection and have compliance and management of Personal Data which are consistent with Personal Data Protection law and the related laws. The Company would like to notify you of the Company’s compliance with the Personal Data Protection Act, B.E. 2562 (2019) as follows:
1. Personal Data
1.1 The Characteristics of Personal Data
In this document :
“Personal Data” means any information relating to a Person, which enables the identification of such Person, whether directly or indirectly, but not including the information of the deceased Persons in particular.
“Sensitive Personal Data” means Personal Data pertaining to racial, ethnic origins, political opinions, cult, religious or philosophical beliefs, sexual orientation, criminal records, health data, disability, trade union information, genetic data, biometric data (such as fingerprints or facial recognition data) or of any data which may affect the data subjects in the same manner, as prescribed by the Personal Data Protection Committee
1.2 The Collection of Personal Data
The Company may collect your Personal Data as follows :
1.2.1 Groups or Categories of Persons whom the Company Collects Personal Data
- Shareholders or Securities holders mean Persons who are shareholders or securities holders of the Company, such as shareholders, bond holders or holders of other types of securities, etc. including an attorney or a proxy of such person
- Directors mean Persons who are nominated to be the director of the Company
1.2.2 Categories of Personal Data
-
General Personal Data
(a) Personal information including, among others, name and surname, nationality, copy of ID or Passport
(b) Contact information including, among others, address, telephone number, e-mail, and other social media channel, etc.
(c) Information related to electronic systems access and usage such as IP Address, Browser, and cookies or others with similar manner, etc.
(d) Information related to shareholding or securities holding, bank account for the use of dividend payment, etc.
(e) Information related to shareholders or securities holders’ activities such as picture, history of participation of any activities including any picture or such activities, etc.
(f) Information for Directors including information on compensation, training, activities, marital status, information about spouses/cohabit as husband and wife, children, father, mother, siblings, blood group, bank account number, e-mail, educational background, occupation, work history. Directorship or holding positions in other companies or businesses, Board of Directors or sub-committee Shareholders meeting attendance, Director's Remuneration, Securities holding information, Securities company name, Director's performance and other information as required by law or Good Corporate Governance principles
(g) Other information such as records of your picture, motion picture, voice recording, etc.
Disclaimer : The Company would like to inform you that in case its request of your Personal Identification Data such as Identity Card, Passport or others documents which may contain Sensitive Data, such as religion or blood group. The Company have no intention to collect those Sensitive Data. As a result, the Company requests the Data Subject to delete or to hide those data in some ways. Therefore, if you do not proceed with the said data erasure, the Company will reserve the right to act as if it does not obtain such a data.
2. The respect of Personal privacy
The Company respects Data Subjects’ right of their Personal Data and is also aware of the Data Subjects’ intention for the due protection of their Personal Data. Any Personal Data submitted to the Company will be used only for the stated purposes. The Company has strict security measures and a prevention not to let the unauthorized parties from accessing and using your Personal Data.
3. The Collection of Personal Data
In the direct collection, use, and disclosure of your Personal Data, the Company shall solicit your consent should it be legally required and shall use the Personal Data only as necessary and only in accordance with the Company’s specified purposes.
However, the Company may collect your Personal Data from any other sources other than directly from the owner of the Personal Data but only in necessity and carried out in accordance with legal requirements. The Company may collect your Personal Data by (a) automated means, such as the use of Cookies or other similar technologies (b) Third Party such as transfer of data from subsidiaries of the Company, etc.
4. Purposes for the collection, use and disclosure of Personal Data
The Company collects, uses, and discloses your Personal Data for the following purposes :
- According to your request to the Company.
- For the purpose of complying with legal obligation to which we are subject to such as auditing and Dividend payment for shareholders of securities holders, accounting reports and reports and the arrangement of Shareholders or securities holders Meeting, any other related activities relating shareholders or securities holders including compliance with laws and regulations governing a public company limited or companies listed on the Stock Exchange of Thailand (whichever applies), etc.
- For the purpose legitimate interest such as the processing of personal data is necessary to secure and safeguard the collection of personal data of shareholders, securities holders which are vital for audit and management of related rights and benefits of shareholders or securities holders including the management of the Company activities or sending newsletter for the interest of shareholders or securities holders, etc.
- The Processing of Personal Data of personnel is necessary in order to protect vital interests of you or of another person.
- For the purpose that the company will notify you and you consent to the company
Therefore, the Company will collect, use, and disclose your Personal Data only by your consent, (only in case prescribed by law) with the exception of certain cases prescribed by the Personal Data Protection Act, B.E. 2562 (2019) for example, it is necessary to take steps at the request of the Data Subject prior to entering into a contract or for executing the obligation of the contract. Otherwise, it is necessary for legitimate interests of the Company or any other Persons or juristic persons other than the Company, except where such interests are overridden by the fundamental rights of your Personal Data. It is necessary to comply with a law to which the Company is subjected. The Personal Data collected by the Company in relation to the above-mentioned purposes are required in compliance with contractual obligations or in accordance with applicable laws. In case of refusal to provide the required Personal Data, it may be considered as an infringement of relevant laws or may cause the Company not to be able to manage or execute contractual obligations or facilitate services for you.
However, should any modifications to the stated purposes for the collection of Personal Data subsequently occur, the Company will duly inform you as well as fulfill other legal obligations, including the recording as evidence of the amendment of the purposes stated in this Privacy Notice.
5. The Personal Data retention period
The Company will retain your Personal Data only for the necessary duration, and will collect, use and disclose your Personal Data, as defined in this Privacy Notice, in accordance with the duration criteria, namely the period during which you are still related to the Company as a shareholders, securities holders and may still retain your Personal Data as long as needed for legal compliance or as per legal prescription, for the establishment of legal claims, legal compliance or exercise of legal claims, or defense of legal claims, or for other purposes in accordance with policies and the internal regulations of the Company.
In this regard, the Company will retain your Personal Data for the period not exceeding 10 years, starting from the date your legal relations/transactions with the Company come to an end. However, the Company may retain your Personal Data for a longer period of such time prescribed if the laws permit or such retention of Personal Data is necessary for the establishment of the right of claim of the Company.
After the period of time set forth above has expired, the Company will delete or destroy such Personal Data from the storage or system of the Company and other persons providing services to the Company (if any) or anonymize your Personal Data.
6. Security Measures
The Company has in place adequate and strict security measures, in accordance with Policy and Guidelines on Information Technology of the Company, to prevent Personal Data, loss, access, destruction, use, alteration, correction, and to prohibit unauthorized or unlawful use of Personal Data.
7. Your Rights as a Data Subject
7.1 Right to withdraw the consent as prescribed by law.
7.2 Right to access to the Personal Data
7.3 Right to request for sending or transferring the Personal Data (Right to data portability)
7.4 Right to object the collection, use, or disclosure of Personal Data
7.5 Right to request the erasure of Personal Data (Right to be forgotten)
7.6 Right to restrict the use of Personal Data
7.7 Right to request for the correction of the Personal Data
7.8 Right to be informed in case of the modification of the Privacy Notice
7.9 Right to complain to authorized officials as prescribed by the Personal Data Protection Act, B.E. 2562 (2019)
In the event that the Data Subject lodges their request to exercise their rights as prescribed by the Personal Data Protection Act, B.E. 2562 (2019), upon reception of such request, the Company will further proceed within the duration of time as prescribed by the Act. However, the Company reserves the right to deny or not to proceed with the request as prescribed by law in case that the Data Subject has chosen to provide to the Company only certain Personal Data which may cause the Company not to be able to provide full services. Moreover, the Company may not be able to collaborate with or to provide services to the Data Subject if they do not consent to the provision of information as required by the Company.
8. The Disclosure of Personal Data to a Third Party
The Company may disclose your Personal Data in accordance with the Purposes and the rules prescribed under the laws to the following entities and persons:
- BCPG Group, both in and outside Thailand, including executives, directors, staff, employees and/or relevant in-house personnel, and as necessary on a need-to-know basis for the Processing of your Personal Data.
- Business partners, service providers, and data processors designated or hired by the Company to perform duties in connection with the management/ Processing of Personal Data for the Company in the provision of various services, such as IT services providers or any other services which may be beneficial to you or relevant to the Company’s business operations.
- Advisors of the Company, such as legal advisors, lawyers, auditors, or any other internal and external experts of the Company, etc.
- Relevant governmental agencies which have supervisory duties under the laws or which have requested the disclosure pursuant to their lawful powers or relevant to the legal process or which were granted permission pursuant to applicable laws, such as Department of Business Development, Office of Securities and Exchange Commission, the Stock Exchange of Thailand, Royal Thai Police, Office of the Attorney General, court, and Legal Execution Department, etc.
- Any persons or other entities that you have given consent to disclose your Personal Data to, such as the disclosure of processed images of activities through various media platforms of the Company to the general public.
The disclosure of your Personal Data to third parties shall be in accordance with the Purposes or other purposes permitted by law, provided that if the law requires your consent to be provided, the Company will request your prior consent. The Personal Data will be kept confidential, either in paper form or electronic form, including during its transfer
However, in case of an international transfer of Personal Data, the Company will strictly comply with the Personal Data Protection Act, B.E. 2562 (2019).
9. Data Protection Officer
The Company has complied with the Personal Data Protection Act, B.E. 2562 (2019) by appointing a Data Protection Officer (DPO) to review the Company’s collection, usage and disclosure of Personal Data for conformance with the Personal Data Protection Act, B.E. 2562 (2019) including other related laws.
10. Contact channels
Enquires or questions on the Personal Data Protection can be addressed to the following channels :
BCPG Public Company Limited
Address : BCPG Public Company Limited 2098 M Tower Building, 12th Floor, Sukhumvit Road, Phra Khanong Tai, Phra Khanong, Bangkok 10260 Thailand
Tel : 02-335-8999
Data Protection Officer (DPO)
Address : BCPG Public Company Limited 2098 M Tower Building, 12th Floor, Sukhumvit Road, Phra Khanong Tai, Phra Khanong, Bangkok 10260 Thailand
Email : DPOoffice@bcpggroup.com
11. Amendment of the Policy and Guideline on Personal Data Protection
The Company may, from time to time, review this Policy for compliance with the changing guidelines and relevant laws. In case of changes thereto, the Company will provide a public notification through appropriate channels.
Given this day, March 29, 2022
BCPG Public Company Limited and subsidiaries1 (“Company”) realize the importance of the Personal Data protection and have compliance and management of Personal Data which are consistent with Personal Data Protection law and the related laws. The Company would like to notify you of the Company’s compliance with the Personal Data Protection Act, B.E. 2562 (2019) as follows:
1. Personal Data
1.1 The Characteristics of Personal Data
In this document :
“Personal Data” means any information relating to a Person, which enables the identification of such Person, whether directly or indirectly, but not including the information of the deceased Persons in particular.
“Sensitive Personal Data” means Personal Data pertaining to racial, ethnic origins, political opinions, cult, religious or philosophical beliefs, sexual orientation, criminal records, health data, disability, trade union information, genetic data, biometric data (such as fingerprints or facial recognition data) or of any data which may affect the data subjects in the same manner, as prescribed by the Personal Data Protection Committee
1.2 The Collection of Personal Data
The Company may collect your Personal Data as follows :
1.2.1 Groups or Categories of Persons whom the Company Collects Personal Data
- Job Applicants mean person who may be selected to be personnel of the Company. The Company may directly collect Personal Data of the job applicants by itself or obtain the Personal Data from a third party.
- Internship Applicants mean person who applied for an internship of the Company. The Company may directly collect Personal Data of the job applicants by itself or obtain the Personal Data from a third party.
- Interns mean person who is selected to be interns of the Company and the Company accepted to be interns of the Company. Hereinafter referred to as “you”
1.2.2 Categories of Personal Data
-
General Personal Data
(a) Personal information including, among others, name and surname, the date and place of birth, age, gender, weight, height, personal identity number, copy of Personal Identity Card, photo, driving license, copy of Passport, signature, marriage status, military services data, family information, etc.
(b) Contact information including, among others, address, telephone number, e-mail address, emergency contact person details and reference person details, etc.
(c) Information related to electronic systems access and usage such as IP Address, Browser, and cookies or others with similar manner, etc.
(d) Education Information including, among others, academics and trainings background, experiences, academic certificate, language skills test or others, computer skills, and other information provide in your Curriculum Vitae (CV), etc.
(e) Information related to the job applicants including, among others, Information about recruiting or apply for an internship (as the case may be) such as Personal data, work history, education information, Information displayed in the application documents and supporting documents for admission as personnel employees of the Company (e.g. national ID card, copy of name or surname change certificate, Copy of house registration, birth certificate, insured registration form, consent letter for personal background examination, employment contract, etc.) information and documents shown in the job interview evaluation form, etc.
(f) Other information necessary for recruiting and selecting staff or interns, compliance with an internship contract, provision of welfare and benefits, analysis, management, and legal compliance
(g) Other information such as records of your picture, motion picture, voice recording, etc.
(h) For interns, the Company will collect additional personal data such as information about your parents or spouse, bank account for payment of internship allowance (if any) Internship information (such as habits, behaviors, attitudes, aptitudes, skills, or other information to evaluate the result of your internship)
(i) Information about your previous workplace such as work position, work certificate, copy of payroll documents, past work record.
-
Sensitive Personal Data such as race, religious belief, biometric data (such as fingerprint, face image data, blood group, etc.) data about your health information, information about criminal records, etc.
If you are selected to be an employee, The Company will collect additional personal data as set forth in Privacy Notice For Process Related to Personnel of BCPG Plc.
Disclaimer : The Company would like to inform you that in case its request of your Personal Identification Data such as Identity Card, Passport or others documents which may contain Sensitive Data, such as religion or blood group. The Company have no intention to collect those Sensitive Data. As a result, the Company requests the Data Subject to delete or to hide those data in some ways. Therefore, if you do not proceed with the said data erasure, the Company will reserve the right to act as if it does not obtain such a data.
2. The respect of Personal privacy
The Company respects Data Subjects’ right of their Personal Data and is also aware of the Data Subjects’ intention for the due protection of their Personal Data. Any Personal Data submitted to the Company will be used only for the stated purposes. The Company has strict security measures and a prevention not to let the unauthorized parties from accessing and using your Personal Data.
3. The Collection of Personal Data
In the direct collection, use, and disclosure of your Personal Data, the Company shall solicit your consent should it be legally required and shall use the Personal Data only as necessary and only in accordance with the Company’s specified purposes.
However, the Company may collect your Personal Data from any other sources, such as from various social media, vendor or supplier, but only in necessity and carried out in accordance with legal requirements. The Company may collect your Personal Data by (a) automated means, such as the use of Cookies or other similar technologies (b) third parties, such as group company, third-party website, social media, other business partner, reference person, government agency, persons who may be contacted in case of emergency etc.
4. Purposes for the collection, use and disclosure of Personal Data
The Company collects, uses, and discloses your Personal Data for the following purposes :
- The Processing of Personal Data of personnel is necessary for the performance of your request in applying for a job of applying for an internship such as process of recruitment, qualification check, assessment of the applicant's work ability including compliance with the internship agreement, Internship allowance (if applicable) and apprenticeship benefits (if applicable).
- The Processing of Personal Data of personnel is necessary for compliance with a legal obligation to which we are subject e.g. in recruiting ,accepting internships or in the process after applying for a job, accepting an internship such as sending news related to the job position, considering the selection of job applicants or trainees and examining the qualifications of job applicants or trainees, preparing an internship or employment contract in case you qualify and the exercise of legal claims including for security and safety of the Company’s personnel and property etc.
- The Processing of Personal Data of personnel is necessary in order to protect vital interests of you or of another person. We process your personal data to, for instance, make contact in case of emergency and control and prevent disease.
- For the purpose of complying with relevant laws which are applicable to the Company’s business
- For the purpose that the company will notify you and you consent to the company
Therefore, the Company will collect, use, and disclose your Personal Data only by your consent, (only in case prescribed by law) with the exception of certain cases prescribed by the Personal Data Protection Act, B.E. 2562 (2019): it is necessary to take steps at the request of the Data Subject prior to entering into a contract or for executing the obligation of the contract. Otherwise, it is necessary for legitimate interests of the Company or any other Persons or juristic persons other than the Company, except where such interests are overridden by the fundamental rights of your Personal Data. It is necessary to comply with a law to which the Company is subjected.
The Personal Data collected by the Company in relation to the above-mentioned purposes are required in compliance with contractual obligations or in accordance with applicable laws. In case of refusal to provide the required Personal Data, it may be considered as an infringement of relevant laws or may cause the Company not to be able to manage or execute contractual obligations or facilitate services for you.
However, should any modifications to the stated purposes for the collection of Personal Data subsequently occur, the Company will duly inform you as well as fulfill other legal obligations, including the recording as evidence of the amendment of the purposes stated in this Privacy Notice.
5. The Personal Data retention period
The Company will retain your Personal Data only for the necessary duration of 5 years since the collection of your Personal Data from the application (The Company will ask for your permission to keep your Personal Data) , and will collect, use and disclose your Personal Data, as defined in this Privacy Notice in accordance with the duration criteria, namely the period during which you are still related to the Company as a candidate, and may still retain your Personal Data for a period of time necessary to achieve the propose of enrollment or internship. If you don't want us to keep your personal data to be considered for other positions, you can contact us using the methods specified in this privacy notice.
After the period of time set forth above has expired, the Company will delete or destroy such Personal Data from the storage or system of the Company and other persons providing services to the Company (if any) or anonymize your Personal Data.
In Case you have been selected as Personnel of the Company, The Company will continue to collect your personal data for the duration that is necessary to meet the employment according to the Privacy Notice For Process Related to Personnel of BCPG Plc.,
6. Security Measures
The Company has in place adequate and strict security measures, in accordance with Policy and Guidelines on Information Technology of the Company, to prevent Personal Data, loss, access, destruction, use, alteration, correction, and to prohibit unauthorized or unlawful use of Personal Data.
7. Your Rights as a Data Subject
As a Data Subject, you have the rights as prescribed in the Personal Data Protection Act, B.E. 2562 (2019) and other rights as follows :
7.1 Right to withdraw the consent as prescribed by law.
7.2 Right to access to the Personal Data
7.3 Right to request for sending or transferring the Personal Data (Right to data portability)
7.4 Right to object the collection, use, or disclosure of Personal Data
7.5 Right to request the erasure of Personal Data (Right to be forgotten)
7.6 Right to restrict the use of Personal Data
7.7 Right to request for the correction of the Personal Data
7.8 Right to be informed in case of the modification of the Privacy Notice
7.9 Right to complain to authorized officials as prescribed by the Personal Data Protection Act, B.E. 2562 (2019)
In the event that the Data Subject lodges their request to exercise their rights as prescribed by the Personal Data Protection Act, B.E. 2562 (2019), upon reception of such request, the Company will further proceed within the duration of time as prescribed by the Act. However, the Company reserves the right to deny or not to proceed with the request as prescribed by law in case that the Data Subject has chosen to provide to the Company only certain Personal Data which may cause the Company not to be able to provide full services. Moreover, the Company may not be able to collaborate with or to provide services to the Data Subject if they do not consent to the provision of information as required by the Company.
8. The Disclosure of Personal Data to a Third Party
The Company may disclose your Personal Data in accordance with the Purposes and the rules prescribed under the laws to the following entities and persons:
- BCPG Group, both in and outside Thailand, including executives, directors, staff, employees and/or relevant in-house personnel, and as necessary on a need-to-know basis for the Processing of your Personal Data.
- Business partners, service providers, and data processors designated or hired by the Company to perform duties in connection with the management/Processing of Personal Data for the Company in the provision of various services, such as personnel’s physical examinations by business partners, information technological services, data recording services, relevant government agencies.
- Relevant governmental agencies which have supervisory duties under the laws or which have requested the disclosure pursuant to their lawful powers or relevant to the legal process or which were granted permission pursuant to applicable laws
- Any persons or other entities that you have given consent to disclose your Personal Data to, such as the disclosure of processed images of activities through various media platforms of the Company to the general public.
The disclosure of your Personal Data to third parties shall be in accordance with the Purposes or other purposes permitted by law, provided that if the law requires your consent to be provided, the Company will request your prior consent. The Personal Data will be kept confidential, either in paper form or electronic form, including during its transfer
However, in case of an international transfer of Personal Data, the Company will strictly comply with the Personal Data Protection Act, B.E. 2562 (2019).
9. Data Protection Officer
The Company has complied with the Personal Data Protection Act, B.E. 2562 (2019) by appointing a Data Protection Officer (DPO) to review the Company’s collection, usage and disclosure of Personal Data for conformance with the Personal Data Protection Act, B.E. 2562 (2019) including other related laws.
10. Contact channels
Enquires or questions on the Personal Data Protection can be addressed to the following channels :
BCPG Public Company Limited
Address : BCPG Public Company Limited 2098 M Tower Building, 12th Floor, Sukhumvit Road, Phra Khanong Tai, Phra Khanong, Bangkok 10260 Thailand
Tel : 02-335-8999
Data Protection Officer (DPO)
Address : BCPG Public Company Limited 2098 M Tower Building, 12th Floor, Sukhumvit Road, Phra Khanong Tai, Phra Khanong, Bangkok 10260 Thailand
Email : DPOoffice@bcpggroup.com
11. Amendment of the Policy and Guideline on Personal Data Protection
The Company may, from time to time, review this Policy for compliance with the changing guidelines and relevant laws. In case of changes thereto, the Company will provide a public notification through appropriate channels.
Given this day, March 29, 2022
BCPG Public Company Limited and subsidiaries1 (“Company”) realize the importance of the Personal Data protection and have compliance and management of Personal Data which are consistent with Personal Data Protection law and the related laws. The Company would like to notify you of the Company’s compliance with the Personal Data Protection Act, B.E. 2562 (2019) as follows:
1. Personal Data
1.1 The Characteristics of Personal Data
In this document :
“Personal Data” means any information relating to a Person, which enables the identification of such Person, whether directly or indirectly, but not including the information of the deceased Persons in particular.
“Sensitive Personal Data” means Personal Data pertaining to racial, ethnic origins, political opinions, cult, religious or philosophical beliefs, sexual orientation, criminal records, health data, disability, trade union information, genetic data, biometric data (such as fingerprints or facial recognition data) or of any data which may affect the data subjects in the same manner, as prescribed by the Personal Data Protection Committee
1.2 The Collection of Personal Data
The Company may collect your Personal Data as follows :
1.2.1 Groups or Categories of Persons whom the Company Collects Personal Data
Visitors and Event Participants means (1) persons who visit the Company’ premises and/or (2) persons who participate in any of our activities, whether they are organized by us or a person we hire, or they are co-organized by us and another entity, or when you enter our premises.
1.2.2 Categories of Personal Data
-
General Personal Data
For Event Participants
(a) Personal information including, among others, name and surname, copy of Personal Identity Card, photo, license plate, etc.
(b) Contact information including, among others, address, telephone number, e-mail address, social media contact details, etc.
(c) Information about activities or events that you have participated in in the past or that you have registered and details of your payment and financial transactions related to the activity (if applicable).
(d) Other information such as photo, video and audio (including photographs and videos recorded in the seminars or in event locations).
For Visitors
(1) When the visitors enter the Company premises, the Company may collect, monitor, and process your images and video recorded by CCTV in these areas and this information can be used to identify you. However, we will display signage to notice you about the areas where CCTV are in operation. For more information, please find details in “Privacy Notice for CCTV”.
(2) Visitor records as follows
(a) Personal information including, among others, name and surname, copy of Personal Identity Card, photo, license plate, etc.
(b) Contact information including, among others, address, telephone number, e-mail address, etc.
(c) Safety Orientation information.
- Sensitive Personal Data : When the visitors enter the Company premises, the Company may collect sensitive personal data such as health information and biometric information.
Disclaimer : The Company would like to inform you that in case its request of your Personal Identification Data such as Identity Card, Passport or others documents which may contain Sensitive Data, such as religion or blood group. The Company have no intention to collect those Sensitive Data. As a result, the Company requests the Data Subject to delete or to hide those data in some ways. Therefore, if you do not proceed with the said data erasure, the Company will reserve the right to act as if it does not obtain such a data.
2. The respect of Personal privacy
The Company respects Data Subjects’ right of their Personal Data and is also aware of the Data Subjects’ intention for the due protection of their Personal Data. Any Personal Data submitted to the Company will be used only for the stated purposes. The Company has strict security measures and a prevention not to let the unauthorized parties from accessing and using your Personal Data.
3. The Collection of Personal Data
In the direct collection, use, and disclosure of your Personal Data, the Company shall solicit your consent should it be legally required and shall use the Personal Data only as necessary and only in accordance with the Company’s specified purposes.
However, the Company may collect your Personal Data from any other sources, such as from various social media, vendor or supplier, but only in necessity and carried out in accordance with legal requirements. The Company may collect your Personal Data by (a) automated means, such as the use of Cookies or other similar technologies (b) third parties, such as group company, third-party website, social media, other business partner, reference person, government agency, persons who may be contacted in case of emergency etc.
4. Purposes for the collection, use and disclosure of Personal Data
The Company collects, uses, and discloses your Personal Data for the following purposes :
- The Processing of Personal Data of personnel is necessary for the performance of the contracts between you and us e.g. when you attend our event or visit our premises.
- The Processing of Personal Data of personnel is necessary for compliance with a legal obligation to which we are subject e.g. laws regulating occupations and diseases from the environment, contagious disease control law.
- The Processing of Personal Data of personnel is necessary for the purposes of the legitimate interests pursued by Company or by a third party e.g. analyzing and creating a database for operation improvement; identification to access the Company premises; security; accident and crime prevention; using for crime investigation, detection and monitoring; being an evidence both for internal and external Company.
- The Processing of Personal Data of personnel is necessary in order to protect vital interests of you or of another person. We process your personal data to, for instance, make contact in case of emergency and control and prevent disease.
- The Processing of Personal Data of personnel is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Company.
- For the purpose that the company will notify you and you consent to the company
Therefore, the Company will collect, use, and disclose your Personal Data only by your consent, (only in case prescribed by law) with the exception of certain cases prescribed by the Personal Data Protection Act, B.E. 2562 (2019): it is necessary to take steps at the request of the Data Subject prior to entering into a contract or for executing the obligation of the contract. Otherwise, it is necessary for legitimate interests of the Company or any other Persons or juristic persons other than the Company, except where such interests are overridden by the fundamental rights of your Personal Data. It is necessary to comply with a law to which the Company is subjected.The Personal Data collected by the Company in relation to the above-mentioned purposes are required in compliance with contractual obligations or in accordance with applicable laws. In case of refusal to provide the required Personal Data, it may be considered as an infringement of relevant laws or may cause the Company not to be able to manage or execute contractual obligations or facilitate services for you.
However, should any modifications to the stated purposes for the collection of Personal Data subsequently occur, the Company will duly inform you as well as fulfill other legal obligations, including the recording as evidence of the amendment of the purposes stated in this Privacy Notice.
5. The Personal Data retention period
The Company will retain your Personal Data only for the necessary duration, and will collect, use and disclose your Personal Data, as defined in this Privacy Notice, in accordance with the duration criteria, namely the period during which you are still related to the Company as a vendor, and may still retain your Personal Data as long as needed for legal compliance or as per legal prescription, for the establishment of legal claims, legal compliance or exercise of legal claims, or defense of legal claims, or for other purposes in accordance with policies and the internal regulations of the Company.
In this regard, the Company will retain your Personal Data for the period not exceeding 10 years, starting from the date your legal relations/transactions with the Company come to an end. However, the Company may retain your Personal Data for a longer period of such time prescribed if the laws permit or such retention of Personal Data is necessary for the establishment of the right of claim of the Company. However, In case the Company collects your personal data by using CCTV, the retention period is in accordance with the Privacy Notice for CCTV.
After the period of time set forth above has expired, the Company will delete or destroy such Personal Data from the storage or system of the Company and other persons providing services to the Company (if any) or anonymize your Personal Data.
6. Security Measures
The Company has in place adequate and strict security measures, in accordance with Policy and Guidelines on Information Technology of the Company, to prevent Personal Data, loss, access, destruction, use, alteration, correction, and to prohibit unauthorized or unlawful use of Personal Data.
7. Your Rights as a Data Subject
As a Data Subject, you have the rights as prescribed in the Personal Data Protection Act, B.E. 2562 (2019) and other rights as follows :
7.1 Right to withdraw the consent as prescribed by law.
7.2 Right to access to the Personal Data
7.3 Right to request for sending or transferring the Personal Data (Right to data portability)
7.4 Right to object the collection, use, or disclosure of Personal Data
7.5 Right to request the erasure of Personal Data (Right to be forgotten)
7.6 Right to restrict the use of Personal Data
7.7 Right to request for the correction of the Personal Data
7.8 Right to be informed in case of the modification of the Privacy Notice
7.9 Right to complain to authorized officials as prescribed by the Personal Data Protection Act, B.E. 2562 (2019)
In the event that the Data Subject lodges their request to exercise their rights as prescribed by the Personal Data Protection Act, B.E. 2562 (2019), upon reception of such request, the Company will further proceed within the duration of time as prescribed by the Act. However, the Company reserves the right to deny or not to proceed with the request as prescribed by law in case that the Data Subject has chosen to provide to the Company only certain Personal Data which may cause the Company not to be able to provide full services. Moreover, the Company may not be able to collaborate with or to provide services to the Data Subject if they do not consent to the provision of information as required by the Company.
8. The Disclosure of Personal Data to a Third Party
The Company may disclose your Personal Data in accordance with the Purposes and the rules prescribed under the laws to the following entities and persons:
- BCPG Group, both in and outside Thailand, including executives, directors, staff, employees and/or relevant in-house personnel, and as necessary on a need-to-know basis for the Processing of your Personal Data.
- Business partners, service providers, and data processors designated or hired by the Company to perform duties in connection with the management/Processing of Personal Data for the Company in the provision of various services, such as CCTV service providers, event organizers, IT service providers, government agencies, the necessary persons who process the personal data for the Company in accordance with this Privacy notice.
- Any persons or other entities that you have given consent to disclose your Personal Data to, such as the disclosure of processed images of activities through various media platforms of the Company to the general public.
The disclosure of your Personal Data to third parties shall be in accordance with the Purposes or other purposes permitted by law, provided that if the law requires your consent to be provided, the Company will request your prior consent. The Personal Data will be kept confidential, either in paper form or electronic form, including during its transfer
However, in case of an international transfer of Personal Data, the Company will strictly comply with the Personal Data Protection Act, B.E. 2562 (2019).
9. Data Protection Officer
The Company has complied with the Personal Data Protection Act, B.E. 2562 (2019) by appointing a Data Protection Officer (DPO) to review the Company’s collection, usage and disclosure of Personal Data for conformance with the Personal Data Protection Act, B.E. 2562 (2019) including other related laws.
10. Contact channels
Enquires or questions on the Personal Data Protection can be addressed to the following channels :
BCPG Public Company Limited
Address : BCPG Public Company Limited 2098 M Tower Building, 12th Floor, Sukhumvit Road, Phra Khanong Tai, Phra Khanong, Bangkok 10260 Thailand
Tel : 02-335-8999
Data Protection Officer (DPO)
Address : BCPG Public Company Limited 2098 M Tower Building, 12th Floor, Sukhumvit Road, Phra Khanong Tai, Phra Khanong, Bangkok 10260 Thailand
Email : DPOoffice@bcpggroup.com
11. Amendment of the Policy and Guideline on Personal Data Protection
The Company may, from time to time, review this Policy for compliance with the changing guidelines and relevant laws. In case of changes thereto, the Company will provide a public notification through appropriate channels.
Given this day, March 29, 2022
BCPG Public Company Limited and subsidiaries1 (“Company”) realize the importance of the Personal Data protection and have compliance and management of Personal Data which are consistent with Personal Data Protection law and the related laws. The Company would like to notify you of the Company’s compliance with the Personal Data Protection Act, B.E. 2562 (2019) as follows:
1. The Collection of Personal Data
The Company may collect your Personal Data from CCTV which includes any photos or videos
2. The respect of Personal privacy
The Company respects Data Subjects’ right of their Personal Data and is also aware of the Data Subjects’ intention for the due protection of their Personal Data. Any Personal Data submitted to the Company will be used only for the stated purposes. The Company has strict security measures and a prevention not to let the unauthorized parties from accessing and using your Personal Data.
3. The Collection of Personal Data
In the direct collection, use, and disclosure of your Personal Data, the Company shall solicit your consent should it be legally required and shall use the Personal Data only as necessary and only in accordance with the Company’s specified purposes.
4. Purposes for the collection, use and disclosure of Personal Data
The Company collects, uses, and discloses your Personal Data for the following purposes :
- To control access to buildings and premises as well as to observe, prevent, impede and (if necessary) inspect unauthorized entry to buildings and premises. To take care of security around the building and the Company's premises.
- To maintain safety in the life and property of employees, customers, contractors and other business partners, visitors, as well as assets which are in the possession of the Company.
- To control access to and secure the Company's information technology resources and database.
- To check, investigate and manage complaints within the Company, such as in the event of employees being bullied or having harassment incidents.
- Safety during operation such as the company's production process, process of maintenance within the factory.
- To inspect and investigate the above events that may threaten or affect the safety of life and property.
- To check and investigate the facts in the event of an incident in the company
The processing of your personal data for the above purposes is necessary for the Company's legitimate interests or for the purpose of complying to the contract (In the event that you are an employee or a contractual party of the Company) to control and secure the building and premises of the Company. To maintain the safety of employees, customers, contractors and other partners, visitors and assets of the Company Access control and security of the Company's information technology resources and databases Security checks and supervision during operation and investigating in the event of any incidents mentioned above that may jeopardize or affect the safety of life and property
However, should any modifications to the stated purposes for the collection of Personal Data subsequently occur, the Company will duly inform you as well as fulfill other legal obligations, including the recording as evidence of the amendment of the purposes.
5. The Personal Data retention period
The Company will retain your Personal Data for a period of not more than 60 days from the date you enter the building or the premises of the Company after expiration of the said period, the image records by the surveillance cameras will automatically deleted.
6. Security Measures
The Company has in place adequate and strict security measures, in accordance with Policy and Guidelines on Information Technology of the Company, to prevent Personal Data, loss, access, destruction, use, alteration, correction, and to prohibit unauthorized or unlawful use of Personal Data.
However, images recorded from CCTV can be accessed by the head of the unit responsible for monitoring the CCTV, Employees who operate CCTV systems including the company's delegates. In order to monitor the CCTV system, the Company will limit access to the CCTV system to a high level which is protected by a password and personal information cannot be accessed without the permission of the Head of the Unit who has the duty to taking care of that CCTV.
7. Your Rights as a Data Subject
As a Data Subject, you have the rights as prescribed in the Personal Data Protection Act, B.E. 2562 (2019) and other rights as follows :
7.1 Right to withdraw the consent as prescribed by law.
7.2 Right to access to the Personal Data
7.3 Right to request for sending or transferring the Personal Data (Right to data portability)
7.4 Right to object the collection, use, or disclosure of Personal Data
7.5 Right to request the erasure of Personal Data (Right to be forgotten)
7.6 Right to restrict the use of Personal Data
7.7 Right to request for the correction of the Personal Data
7.8 Right to be informed in case of the modification of the Privacy Notice
7.9 Right to complain to authorized officials as prescribed by the Personal Data Protection Act, B.E. 2562 (2019)
In the event that the Data Subject lodges their request to exercise their rights as prescribed by the Personal Data Protection Act, B.E. 2562 (2019), upon reception of such request, the Company will further proceed within the duration of time as prescribed by the Act. However, the Company reserves the right to deny or not to proceed with the request as prescribed by law in case that the Data Subject has chosen to provide to the Company only certain Personal Data which may cause the Company not to be able to provide full services. Moreover, the Company may not be able to collaborate with or to provide services to the Data Subject if they do not consent to the provision of information as required by the Company.
8. The Disclosure of Personal Data to a Third Party
The Company may disclose your Personal Data in accordance with the Purposes and the rules prescribed under the laws to the following entities and persons:
- BCPG Group, both in and outside Thailand, including executives, directors, staff, employees and/or relevant in-house personnel, and as necessary on a need-to-know basis for the Processing of your Personal Data.
- Other persons or entities who are not affiliates for the purposed of collecting personal data as specified in this Privacy Policy.
- Government agencies who are responsible for supervising or requiring the legal basis for the disclosure of personal information or any other related legal actions, such as The Royal Thai Police, Office of the Attorney General, Court of Justice, etc.
- Any persons or other entities that you have given consent to disclose your Personal Data to, such as the disclosure of processed images of activities through various media platforms of the Company to the general public.
The disclosure of your Personal Data to third parties shall be in accordance with the Purposes or other purposes permitted by law.
However, in case of an international transfer of Personal Data, the Company will strictly comply with the Personal Data Protection Act, B.E. 2562 (2019).
9. Data Protection Officer
The Company has complied with the Personal Data Protection Act, B.E. 2562 (2019) by appointing a Data Protection Officer (DPO) to review the Company’s collection, usage and disclosure of Personal Data for conformance with the Personal Data Protection Act, B.E. 2562 (2019) including other related laws.
10. Contact channels
Enquires or questions on the Personal Data Protection can be addressed to the following channels :
BCPG Public Company Limited
Address : BCPG Public Company Limited 2098 M Tower Building, 12th Floor, Sukhumvit Road, Phra Khanong Tai, Phra Khanong, Bangkok 10260 Thailand
Tel : 02-335-8999
Data Protection Officer (DPO)
Address : BCPG Public Company Limited 2098 M Tower Building, 12th Floor, Sukhumvit Road, Phra Khanong Tai, Phra Khanong, Bangkok 10260 Thailand
Email : DPOoffice@bcpggroup.com
11. Amendment of the Policy and Guideline on Personal Data Protection
The Company may, from time to time, review this Policy for compliance with the changing guidelines and relevant laws. In case of changes thereto, the Company will provide a public notification through appropriate channels.
Given this day, March 29, 2022
1 Only for this document, the companies under BCPG Group mean
Bangchak Solar Energy Co., Ltd.
Bangchak Solar Energy (Buriram) Co., Ltd.
Bangchak Solar Energy (Buriram 1) Co., Ltd.
Bangchak Solar Energy (Chaiyaphum 1) Co., Ltd.
Bangchak Solar Energy (Nakhon Ratchasima) Co., Ltd.
Bangchak Solar Energy (Prachinburi) Co., Ltd.
Lomligor Co., Ltd.
BCPG Indochina Co., Ltd.
Thai Digital Energy Development Co., Ltd.