Personal Data Protection Policy
S&J International Enterprises Public Company Limited
1. Principles and Objectives
S&J International Enterprises Public Company Limited realizes and attaches great importance to the processing of Personal Data, which includes the collection, storage, usage, disclosure, and transfer of the Personal Data of data subject, to be in compliance with the Personal Data Protection Act B.E. 2562, including related laws which will be announced in the future (“Personal Data Protection Act”).
Therefore, the Company has issued this Personal Data Protection Policy with the following details.
2. Scope of application
This Personal Data Protection Policy covers every processing of Personal Data carried out by the Company, including Data Processors acquiring Personal Data due to their involvement with the Company’s operations, shall comply with the laws in conjunction with this Personal Data Protection Policy.
“Personal Data Protection Policy” refers to the policy that the Company prepares to notify data subject for acknowledgment of the Company’s Data Processing as prescribed in the Personal Data Protection Act B.E. 2562.
“Company” refers to S&J International Enterprises Public Company Limited.
“Personal Data” refers to any information relating to a person which enables the identification of such person, whether “directly” or “indirectly,” but not including the information of deceased persons in particular.
“Sensitive Personal Data” refers to Personal Data of racial, ethnic origins, political opinions, cults, religious or philosophical beliefs, sexual behavior, criminal records, health data, disabilities, trade union information, genetic data, biometric data, or any data which may affect data subject in the same manner as prescribed by the Personal Data Protection Committee.
“Data Processing” refers to collecting, storing, using, disclosing, and transferring Personal Data.
“Data Controller” refers to a natural person or a juristic person having the power and authority to make decisions regarding the collection, storage, usage, disclosure, and transfer of Personal Data.
“Data Processor” refers to a natural person or a juristic person who operates with the collection, storage, usage, disclosure, and transfer of Personal Data according to the orders given by or on behalf of the Data Controller, whereby such natural person or juristic person is not the Data Controller.
“Cookies” refers to small computer files that temporarily store necessary Personal Data on the computer of data subject for convenience and speed of communication, which is effective only while using the website.
4. Collection of Personal Data
The Company shall collect the Personal Data of data subject to the extent necessary for operations within the objectives of business operations and internal management, including the Company’s human resource management, and in accordance with the Personal Data Protection law. In case the Company needs to collect Sensitive Personal Data, the Company shall obtain explicit consent from data subject before taking any actions, unless the collection of such Personal Data and Sensitive Personal Data is following the exceptions prescribed in the Personal Data Protection law.
In the event that data subject must provide Personal Data to comply with a law or contract, or it is necessary to provide Personal Data to enter into a contract, or it must provide Personal Data in any other way. Suppose the data subject does not provide such information. In that case, this may result in any transactions or activities involving the data subject may be suspended or temporarily stopped until the Company receives the information of data subject.
For Personal Data that the Company collected before the effective date of the Personal Data Protection Act, the Company will continue to collect and use such Personal Data in the manner specified in this policy. If data subject wishes to make amendments or revoke consent to collect, store, use, disclose and transfer Personal Data, they can do so by contacting the Company at the contact information listed in this policy.
5. Source of Personal Data
The Company may receive the Personal Data of data subject from 3 channels as follows.
5.1 The data subject directly provides Personal Data to the Company, such as the collection of Personal Data from personal information filled in a job application form or answers to the Company’s questionnaires, correspondence via email, or other communication channels between the Company and the data subject, or access to the Company’s website through cookies, etc.
5.2 The Company receives the data subject’s Personal Data from third parties, such as information obtained from business partners or alliances, or obtains Personal Data from any other sources that data subject has publicly disclosed or consented to the disclosure, such as government agencies, information on the internet, or various social media, etc.
5.3 The Company automatically collects the data subject’s Personal Data, such as from the use of services in the Company’s areas that have installed CCTV cameras, etc.
6. The Use of Personal Data
The Company shall use Personal Data for legitimate interests or per the objectives of the law, for example, for the purpose of the Company’s business operations and its daily operations, to complete the Company’s contractual obligations within the scope permitted by law, to comply with applicable regulations to manage and/or improve relationships with customers, service providers, employees, and other information, etc.
Marketing activities and marketing promotions, the Company may send news about its marketing activities and marketing promotions, products, and services that data subject may be interested in for the benefit of providing efficient service to data subject. As the data subject has agreed to receive such information from the Company, the data subject also has the right to withdraw such consent at any time. Data subject can revoke their consent to receive information by contacting the Company according to the details provided.
7. Retention Period of Personal Data
The Company will retain Personal Data as specified in this policy for as long as it is necessary to carry out the purposes of collecting Personal Data, whereby depending on the criteria for obtaining such information by law and/or depending on whether there are legal and regulatory obligations requiring the Company to retain Personal Data for a longer duration.
If it is not possible to identify the Personal Data retention period in an easily understood format under this policy, the Company will retain the data subject’s Personal Data for only as long as;
7.1 That information is necessary for the relevant purposes,
7.2 That information is necessary to maintain an employment relationship between the Company and data subject,
7.3 Data subject has given their consent to the retention of that data and/or,
7.4 There is a requirement that the Company retains Personal Data by the provisions of the laws, such as tax regulations and the Company’s rules.
8. Disclosure of Personal Data
The Company may share or keep the Personal Data of data subject with companies, organizations, government agencies, or a natural person outside the Company. In addition, some recipients may be recipients in countries outside the territory of the Company’s residence.
In the event that the Company is required to send or transfer Personal Data out of the country, the Company will apply the verification procedures to ensure that the Personal Data of data subject are secured and safely protected in a standard of protection comparable to the protection under the local rules and regulations of overseas recipients. In case data subject wishes to be informed of details of such protection, data subject may request information at the contact details set out below. And in some cases, the Company may request consent from data subject for transfer of Personal Data between countries under the provision of applicable local rules and regulations.
9. Storage and Protection of Personal Data
The Company has measures to prevent Personal Data from unauthorized access, use, or disclosure, including but not limited to the following measures.
9.1 The Company implements and maintains complex technical measures to ensure that Personal Data is recorded and processed completely, securely, and confidentially.
9.2 The Company uses and maintains restrictions on access to Personal Data and properly monitors the access, use, and transfer of Personal Data.
9.3 The Company stores Personal Data as stated in this policy, both in a document and electronic format, in the Company’s servers, databases, cabinets, and departmental lockers. Under certain circumstances, the Company may use services from external data storage providers to retain such Personal Data and related documents. In all cases, the Company will ensure that Personal Data under the Company’s supervision and control will be protected from destruction, alteration, and disclosure inadvertently or illegally, including any other unlawful processing.
9.4 Every employee of the Company who is able to access the Personal Data of data subject shall be under the provision that they must enter a non-disclosure agreement or similar agreement, which imposes an obligation on them to adhere to the Company’s confidentiality and Personal Data protection requirements.
9.5 The Company requires that its business partners and every external service provider, whom the Company may share the Personal Data of data subject with, must comply with any applicable confidentiality and Personal Data protection requirement.
9.6 The Company provides training on Personal Data protection to its employees who have to access Personal Data regularly.
10. Right of the Data Subject
10.1 Right to withdraw consent: Data subject has the right to withdraw their consent to the collection, use, disclosure, including the processing of Personal Data that data subject has given consent to the Company throughout the period that such Personal Data is with the Company.
10.2 Right to access Personal Data: Data subject has the right to access their Personal Data and request the Company to provide a copy of such Personal Data to them, including a request to the Company to disclose the obtaining of Personal Data that data subject does not give consent to the Company.
10.3 Right to rectification: Data subject has the right to request the Company to rectify their incorrect Personal Data or add on incomplete personal information.
10.4 Right to erasure: Data subject has the right to request the Company to delete, destroy, or arrange that Personal Data become non-identifiable data of the person owning it for certain reasons.
10.5 Right to restriction of processing Personal Data: Data subject has the right to suspend the use of Personal Data for certain reasons.
10.6 Right to Personal Data portability: Data subject has the right to obtain Personal Data that is related to the data subject, including requesting the Company to send or transfer Personal Data that the data subject has given to the Company, to another Data Controller, or to the data subject for certain reasons.
10.7 Right to object the Personal Data Processing: Data subject has the right to raise an objection to the processing of their Personal Data for certain reasons.
Data subject can exercise the said rights through channels that the Company has assigned. However, the Company may refuse the exercise of such rights if there appears a reasonable cause that is not contrary to the law. In addition, data subject has the right to lodge a complaint to the officers or agencies having the power of authority in case the Company or Data Processor violates or fails to comply with the Personal Data Protection Act B.E. 2562 or announcements issued under the said act.
11. Security for Personal Data
The Company will take any necessary actions, including establishing appropriate security measures to prevent the loss, access, usage, alteration, rectification, and disclosure of Personal Data without legitimate power or contrary to the Personal Data Protection laws.
The Company will support and encourage its employees and related parties to have the knowledge and awareness of the duties and responsibilities of collecting, storing, using, disclosing, and transferring the Personal Data of data subject. Employees shall adhere to the policy and the Personal Data protection practices as stipulated by the Company so that the Company can properly and effectively comply with Personal Data protection policies and laws.
13. Review and Update of Policy
The Company will arrange the review and update of this policy at least once a year, or when it occurs a change that has significant impact on the policy.
14. Contact Information
Data subject can contact the Company to inquire more information in this policy, lodge a complaint, or exercise the rights of data subject as prescribed in the abovementioned policy at:
Personal Data Protection Committee
S&J International Enterprises Public Company Limited
2 Naradhiwas Rajanagarindra Road, Tungwatdon, Sathorn,
Bangkok 10120 Thailand
Tel: 02 6762727 extension 2507 or extension 2558
This Personal Data Protection Policy has been approved by the resolution of the Board of Directors’ Meeting No. 2/2022 dated 12 May 2022 and effective from 13 May 2022 onwards.