SIAM NISTRANS Thai Nissin: Privacy Notice

Privacy Notice

For human resource management and other relevant persons

Siam Nistrans Co., Ltd. (the “Company”) has established and published this Privacy Notice to explain how we collect, use or disclose Personal Data of our employees, outsourced employees, job applicants including family members, emergency contact persons, reference persons and beneficiaries of aforementioned persons that provided their information to the Company, including how we protect the Personal Data and properly handle such Personal Data according to the Personal Data Protection Act B.E. 2562 (2019).

The Company regularly review and, if appropriate, update this Privacy Notice from time to time to ensure that the Data Subjects’ Personal Data is properly protected. In case of any significant update to this Privacy Notice, the Company will inform the Data Subjects via appropriate channel(s).

1. Definition

“Personal Data” means any information relating to an individual, which enables the identification of such individual, whether directly or indirectly, but not including the information of the deceased persons in particular.

“Sensitive Personal Data” means any Personal Data stated under Section 26 of the Personal Data Protection Act B.E. 2562 (2019), i.e. race, ethnic origin, political opinion, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or of any data which may affect the Data Subject in the same manner, as prescribed by the Personal Data Protection Committee.

“Data Protection Officer” means a person who is appointed as a data protection officer by the Company under Section 41 of the Personal Data Protection Act B.E. 2562 (2019).

“Data Subject” or “Data Subjects” means natural persons who are data subjects whose Personal Data have been collected, used or disclosed by the Company.

2. Purposes of collection, use or disclosure of Personal Data

2.1 Lawful basis for collection, use or disclosure of Personal Data

The Company collects, uses and discloses Personal Data as it is necessary for the scope set out in this Privacy Notice as follows:

2.1.1 For General Personal Data

Where the Company obtains consent from the Data Subject as required by law;
To prevent or suppress a danger to a person’s life, body or health;
Where it is necessary for performing contractual obligations between the Data Subject and the Company or taking steps at the Data Subject’s request prior to entering into a contract;
Where it is necessary for legitimate interests of the Company or any other persons or juristic persons, except where such interests are overridden by fundamental rights of the Data Subject’s Personal Data;
To comply with laws to which the Company is subjected.

2.1.2 For Sensitive Personal Data

During the Company’s operations, the Company may need to collect the Data Subject’s Sensitive Personal Data. In the case where the Company collects Sensitive Personal Data, the Company shall always obtain explicit consent from the Data Subjects prior to the time of such collection of Sensitive Personal Data, unless the explicit consent is not required by the Personal Data Protection Act B.E. 2562 (2019), including the following cases:

To prevent or suppress a danger to a person’s life, body or health, where the Data Subject is incapable of giving consent by whatever reason;
It is information that is disclosed to the public with the explicit consent of the Data Subject;
It is necessary for the establishment, compliance, exercise or defense of legal claims;
It is necessary for compliance with a law to achieve the purposes with respect to public interest in public health such as protecting against cross-border dangerous contagious disease or epidemics which may be contagious or pestilent;
It is necessary for compliance with a law to achieve the purposes with respect to the assessment of working capacity of the employee, employment protection, social security, or social protection;
It is necessary for compliance with a law to achieve the purpose with respect to the substantial public interest.

2.2 Purposes of collection for use or disclosure of Personal Data

The Company collects the Data Subjects’ Personal Data for various purposes depending on relationship between the Data Subjects and the Company as follows:

2.2.1 For job applicants, including family members, reference persons, and emergency contact persons of job applicants

For recruitment, considering and selecting job applicants including other relevant undertakings, such as inspection of applicants’ qualifications, criminal history check, conducting interviews, interview assessment and entering into employment contracts, etc.;
For undertaking internal management of the Company related to job application processes, such as preparing database of job applicants and relevant persons, sending reports in relation to the result of interviewing session to relevant departments for their consideration and selection, and other necessary human resourcing matters of the Company.

2.2.2 For employees of the Company, outsourced employees, including family members, emergency contact persons, reference persons and beneficiaries of the aforementioned persons

For supporting employment procedures and performance of the obligations under employment contracts or other relevant contracts between the Company and employees or outsourced employees, or for compliance with all applicable laws, rules, and other regulations related to the Company including other relevant proceedings, such as drug testing and criminal history checking before performing duties, preparation of power of attorney to enable performance of duties on behalf of the Company, submission of relevant information and documents with government authorities, preparation of evidence of payment made by the Company’s employees such as receipts, etc.;
For the Company’s human resource administration including resource planning and management, supervising the performance of employees and outsourced employees, preparing the Company’s internal database of the employees and outsourced employees, including managing payroll, wages and other benefits, welfares (e.g. medical fees, annual health check-up, insurance, vaccination cost, provident fund, social security, etc.), preparing the summary of employees’ income and personal income tax to be submitted to the Revenue Department;
For submission of application for Thai visa or visa extension, and/or the application for work permit or work permit renewal as required by laws;
For conducting planning, reporting, evaluation and data analytic for the Company’s operations;
For management of risks, prevention and undertaking of audits, and undertaking of internal administration as required by laws, regulations, or policies of the Company, such as the Company’s internal audit, including considering complaints regarding internal fraud or misconduct occurred in the Company, investigating and preventing fraud or other unlawful acts, examining requests for using the Company's internal information system, etc.;
For detection and investigation under legal procedures and other regulations, compliance with laws and reporting information to government authorities as required by laws, or upon receiving summons or writ of executions from police officers, government authorities, courts, or other competent authorities including establishment, compliance or exercise of the rights to legal claims or defending against the rights to legal claims;
For assignment of rights, obligations, and any benefits under a contract between you and the Company, such as merger or transfer of the contract which has been done legally;
For maintaining security within the Company’s buildings and premises via Closed-Circuit Television (CCTV), screening, inspecting and verifying identity for entering and exiting the Company’s buildings and premises.

In the case where the Personal Data collected by the Company as stated above is necessary for the Company’s compliance with applicable laws or performance of contract and if the Data Subjects do not provide the Company with such necessary Personal Data, the Company may be subject to legal liabilities and/or may not be able to manage or administer contract or facilitate the Data Subjects.

3. Collected Personal Data

3.1 Personal Data we collect

The Company collects several types of Personal Data from the Data Subjects, including:

Identity data, for example, name, surname, identification number, driver license number, passport number, date of birth, gender, age, nationality, marital status, photo, including information indicated on copy of identification card, driver license or other documents as required by laws, etc.;
Contact data, for example, address, telephone number, e-mail, social media contacts
Financial or transaction data, for example, bank account details and bank account number, taxation information, insurance information, wages or salary, etc.;
Information regarding the use of the Company’s information system or other technical information, for example, IP Address, device ID, data that the Company collects through cookies or similar technologies, computer traffic information (log), access information on the Company’s websites and systems, and user account for using the Company’s information system, etc.;
Information regarding qualifications, education and employment, including training background, for example, educational and employment background, information relating to work permits, job title, etc.;
Communication data, for example, image or voice recordings when communicating with the Company, etc.;
Information on participating in activities held by the Company, for example, recordings of static images, videos, information indicated on registration form for participating in activities, survey result, result of assessment of satisfaction, etc.;
Other personal data, for example, military status, citizenship status, family members information, referral information, emergency contact person details, etc.;

In some cases, the Company may collect Sensitive Personal Data, for example, religion, blood type, ethnicity, health data (Covid-19 test result and drug test result), face recognition, criminal record information, etc., upon obtaining explicit consent from the Data Subjects or when permitted by law.

3.2 Personal Data of minors, incompetent persons and quasi-incompetent persons

In some cases, the Company may collect the Personal Data of minors, incompetent persons or quasi-incompetent persons. In the case where the Data Subjects are minors, incompetent persons or quasi-incompetent persons, the Company shall comply with the laws relating to collection, use or disclosure of Personal Data of minors, incompetent persons and quasi-incompetent persons, which include obtaining consent from the legal representative, the curator or the custodian as required by law where the Company has no legitimate grounds other than obtaining consent for the collection, use or disclosure of such information.

3.3 Sources of Personal Data

The Company may collect the Data Subjects’ Personal Data from various sources as follows:

Collect the Personal Data directly from the Data Subjects, for example, applying for a job with the Company including submitting supporting documents for the job application, proceeding as requested prior to entering into contracts, signing contracts, attaching supporting documents to the contracts, contacting the Company via various channels (for example, telephone, e-mail, etc.) and participating in meetings. In addition, the Company may automatically collect the Personal Data (for example, when the Data Subjects use the Company’s information technology or website).
Collect the Personal Data from other sources, for example, reference persons who provided information to the Company, previous employers, universities, government authorities, private sectors, or other publicly available sources (for example, the Data Subject’s agency website, information made available on the internet, etc.)

4. Personal Data retention period

The Company retains the Data Subjects’ Personal Data for as long as it is considered necessary for the purpose for which it was collected, used or disclosed as set out in this Privacy Notice. The criteria used to determine the Company’s retention period include: the Company retains the Personal Data for the duration the Company has an ongoing relationship with the Data Subjects; and the Company may retain the Personal Data for a longer period as necessary to comply with applicable laws, or to be in accordance with legal prescription, or to establish, comply with or exercise the rights to legal claims or defend against the rights to legal claims, or to comply with, for any other cause, the Company’s internal policies and regulations.

5. Disclosure of Personal Data

5.1 Categories of persons or entities to whom the Personal Data may be disclosed

The Company may disclose the Data Subjects’ Personal Data in certain circumstances for the purposes set out in this Privacy Notice to:

Subsidiaries, group companies and affiliated companies (as listed in https://www.th.nissin-asia.com/en/overseas-branches.php) for the purpose of undertaking activities as specified in this Privacy Notice.
Agencies, service providers, contractors and/or sub-contractors for any operations for the Company, such as logistics service providers, travel agencies, document storage and destruction service providers, printing houses, IT development and maintenance service providers, auditors, lawyers, legal and tax consultants and other consultants.
Government authorities, supervisory authorities, independent authorities or other authorities as stipulated by laws, including competent officials exercising power or performing duties according to the laws, e.g. courts, police officers, Royal Thai Police, the Revenue Department, the Customs Departments, the Immigrant Division, the Office of the Personal Data Protection Committee, etc.
Financial institutions for payment of wage, compensation, subsidy for the relevant processes.
Insurance companies
The assignee of the rights, duties, and any benefits from the Company, including any persons who are assigned by the aforesaid assignee to act on its behalf, for example, in the case of merger or acquisition, etc.;

5.2 Transmission or transfer of Personal Data to foreign countries

In some cases, the Company may transmit or transfer the Personal Data to foreign countries. In such case, the Company shall ensure that the destination country or international organization that receives such Personal Data shall have adequate data protection standard, and the Company shall provide appropriate protection and security measures and comply with the Personal Data Protection Act B.E. 2562 (2019) including obtaining consent from the Data Subjects for the transmission or transfer of Personal Data to foreign countries as required by law.

6. Your rights as a Data Subject

As a Data Subject, you have the rights according to the Personal Data Protection Act B.E. 2562 (2019) including the following rights:

6.1 Right to withdraw consent

You have the right to withdraw consent given to the Company for collecting, using or disclosing your Personal Data at any time, unless there is a restriction of the withdrawal of consent by law or the contract which grants benefits to you.

However, the withdrawal of consent shall not affect the processing of Personal Data you have already given consent legally.

6.2 Right to access

You have the right to request access to and obtain copy of your Personal Data which is under our responsibility, and to request the disclosure of the acquisition of the Personal Data obtained without your consent.

6.3 Right to data portability

Where the Company arranges your Personal Data to be in the format which is readable or commonly used by ways of automatic tools or equipment, and can be used or disclosed by automated means, you have the right to receive your Personal Data from the Company and request the Company to send or transfer your Personal Data in such formats to other data controllers as provided by the law.

6.4 Right to object

You have the right to object the processing of your Personal Data on the grounds stipulated by law.

6.5 Right to erasure

You have the right to request the Company to erase, destroy or make your Personal Data become unidentifiable data as stipulated by law.

6.6 Right to restriction of use

You have the right to request the Company to restrict the use of your Personal Data as stipulated by law.

6.7 Right to rectification

You have the right to request the Company to modify the Data Subjects’ Personal Data to be accurate, up-to-date, complete, and not misleading.

6.8 Right to file a complaint

You have the right to file a complaint to an authorized officer appointed by the Personal Data Protection Act B.E. 2562 (2019) when the Company violates or does not comply with such law.

In the case where you request to exercise the rights according to the provisions of the Personal Data Protection Act B.E. 2562 (2019), upon receiving the request, the Company will proceed with such request within the period as stipulated by law. In this regard, the Company reserves the right to refuse or not process the request under certain circumstances as stipulated by law.

7. Security measures for Personal Data

The Company implements appropriate and strict security measures for protecting the security of Personal Data in order to prevent unauthorized or unlawful loss, access to, use, alteration, correction or disclosure of Personal Data.

In the case where the Company assigns third parties to collect, use or disclose the Personal Data pursuant to the orders given by or on behalf of the Company, the Company shall appropriately supervise such third parties to ensure that they will maintain the security of the Data Subjects’ Personal Data according to the Personal Data Protection Act B.E. 2562 (2019).

8. Contact information

If you have any questions or inquiries about the protection of your Personal Data, collection, use or disclosure of your Personal Data, or exercise of your rights as a Data Subject, or have any claims, please contact the Company at:

Siam Nistrans Co., Ltd.

Address :	191/66, 68-69, 15th Floor, CTI TOWER, Ratchadapisek Road, Klongtoey Sub-district, Klongtoey District, Bangkok 10110, Thailand
Tel :	(+66)-2-261-1080～5 or (+66)-2-261-5343～6
E-mail :	snc-compliance@th.nissin-asia.com

Data Protection Officer

Address :	191/66, 68-69, 15th Floor, CTI TOWER, Ratchadapisek Road, Klongtoey Sub-district, Klongtoey District, Bangkok 10110, Thailand
Tel :	(+66)-2-261-1080 #296
E-mail :	snc-compliance@th.nissin-asia.com

Published on 01/06/2022