Employee Privacy Policy
Announcement
Subject: Personal Data Protection Policy for Job Applicants and Employees
GP mobility public company limited (‘the Company’) cares about your privacy and prioritizes the protection of personal data for individuals who apply for positions with the Company and those who have been hired as employees. The Company strictly adheres to respecting the privacy rights of applicants and employees.
This Privacy Notice (‘Notice’) is prepared to inform you, in your capacity as a job applicant and employee, about the format, purposes, methods of collection, use, or disclosure (collectively referred to as ‘processing’) of personal data, including your rights under the Personal Data Protection Act of 2019.
In this regard, the Company, as the data controller, processes your personal data for the purposes outlined in this Notice. As the data controller, the Company has the authority and responsibility to make decisions regarding the collection, use, or disclosure of personal data.
1. Definition
“Personal Data” means information about an individual that directly or indirectly identifies that person, excluding information about deceased individuals specifically.
“Sensitive Personal Data” refers to personal information that is genuinely related to an individual, but is sensitive and may pose a risk of unfair treatment, such as race, ethnicity, political opinions, beliefs in political ideologies, religion or philosophy, sexual behavior, criminal history, health information, disabilities, labor union information, genetic information, biometric data, images, videos, sounds, footage from closed-circuit cameras, or other information as specified by the Personal Data Protection Committee.
“The Company” means GP mobility public company limited.
“Employee” refers to the officers and employees of the Company.
The Company handles the collection, use, or disclosure of your personal data as follows
2. Legal Basis for Personal Data Processing
2.1 The Company collects your personal data under the following legal bases:
2.1.1 Necessity for the performance of a contract or necessity to take steps at the request of
the data subject prior to entering into a contract with the Company. For example, your personal data is crucial for entering into employment contracts and related operational activities as an employee of the Company, such as performance evaluations, benefits administration, days off, leave, group insurance arrangements, entitlements, and management of recruitment and labor. Failure to provide the necessary personal data in this regard may result in the Company being unable to proceed with recruitment and employment processes.
2.1.2 Necessity for the legitimate interests pursued by the Company, and such interests are
not overridden by your fundamental rights and freedoms regarding your personal data. This includes operations for maintaining security in Company premises, collecting your personal data before entering into a contract, checking dissolution lists, reviewing historical work records from other sources, suitability analysis, job applicant selection, and internal management or activities of the Company.
2.1.3 Obtaining your explicit consent for the processing of personal data where such
consent is required. This includes conducting criminal record checks, collecting biometric data for entry and exit registration, managing advertising or public relations activities of the Company in which employees appear, announcing birthdays, or expressing condolences for personal losses within the family of employees, and similar activities.
2.2 The Company collects sensitive personal data under Section 26 of the Personal Data Protection Act of 2019, which falls under conditions where explicit consent is not required, for the following purposes:
2.2.1 Necessity for compliance with the law to achieve the objective of labor protection.
The collection of such information is essential for the Company to fulfill its duties as mandated by law, including relevant regulations or rules related to the qualifications of the Company’s employees.
3. Purposes of Collecting and Using Your Personal Data
The Company collects and processes your personal data for the following purposes.
3.1 To facilitate job applications conducted by the Company, where applicants may contact the Company directly or apply through internal announcements.
3.2 To assess the qualifications of job applicants, including age, nationality, checking for dissolution, criminal history, termination or dismissal records, involvement in or competition with the Company’s business, and similar criteria.
3.3 To conduct job interviews, analyze and verify educational backgrounds, and relevant work experience.
3.4 To retain data for consideration of future job openings for applicants who were not hired as employees.
3.5 To facilitate the onboarding process for hired employees, including registration, preparation of identification cards, provision of equipment, computers, mobile phones, email accounts, usernames, passwords, and other necessary preparations for job performance.
3.6 For the management and execution of matters related to the welfare and benefits of employees and their families.
3.7 Management of salary-related matters, special compensation, overtime pay, accommodation allowances, travel expenses, including provident funds and other benefits for employees.
3.8 Management of employees’ tax matters, such as withholding income tax.
3.9 Ensuring the security of buildings, premises, and other properties of the Company.
3.10 Management of employee activities, such as New Year celebrations, exhibitions, seminars, or other social events organized for employees.
3.11 Timekeeping, management of holidays, leave, absenteeism, and tardiness.
3.12 Management of advertising and public relations activities, where employees may act as presenters or appear in advertisements and public relations materials of the Company.
3.13 Announcements of new employees, outstanding employees, or those selected as outstanding employees. Announcements of the completion of work periods, announcements regarding promotions, and reassignments of employees.
3.14 Setting work goals, evaluating the performance of employees, considering position adjustments, salary adjustments, and considering special compensation.
3.15 Participation in training programs and knowledge assessments for employees.
3.16 Investigation, inquiry, and examination of fraudulent or unlawful behavior, violations of company policies, regulations, and employment rules, as well as considering and disciplining or exercising rights according to contracts or laws.
3.17 Reporting information related to misconduct of employees to supervisory and authorized agencies as required by law, such as the police, the Anti-Money Laundering Office, the National Anti-Corruption Commission, the Revenue Department, the Office of the Public Sector Anti-Corruption Commission, and the National Police Bureau.
4. Personal Data Collected by the Company
For the purposes stated in item 3, the Company collects the following personal data from you
Sources/Methods | Personal |
1.
Data collected directly through | Personal
Information: Name, Surname, |
2.
Data Collected through Detection or | Cookie
Policy: Website cookies, Computer |
3.
Data Collected During Work | Employee
Family Information, Provident |
5. Disclosure of Your Personal Information
The company may disclose your personal information to the following individuals or legal entities:
5.1 Insurance Companies: For the purpose of providing group insurance to the company’s employees.
5.2 Government Officials or Authorized Agencies: To comply with legal obligations, such as reporting information required by law or disclosing personal information as ordered by the court.
5.3 Business Partners, Allies, or Other Organizations: Involved in the company’s operations, such as educational institutions, training organizations, private sector partners, hotels, temples, foundations, etc.
6. Your Rights under the Personal Data Protection Act of 2019
The Personal Data Protection Act of 2019 aims to give you more control over your personal information. You have rights under this Act, and you can exercise them when the relevant provisions come into effect. The details of your rights as the data subject are as follows:
6.1 Right to Access and Obtain a Copy of Your Personal Data
You have the right to access and request a copy of your personal data held by the company without consent, except in cases where the company has the right to refuse your request under the law or court order. However, exercising this right may impact the rights and freedoms of other individuals.
6.2 Right to Request Correction of Your Inaccurate or Incomplete Personal Data
You have the right to request the correction of your inaccurate or incomplete personal data held by the company to ensure that it is accurate, up-to-date, complete, and not misleading.
6.3 Right to Request Suspension of the Use of Your Personal Data in Certain Cases
You have the right to request the company to suspend the use of your personal data in specific cases.
6.3.1 During the period when the company is verifying your request for correction of your personal data to ensure its accuracy, completeness, and currency.
6.3.2 Your personal data is collected, used, or disclosed without legal authorization.
6.3.3 When your personal data is no longer necessary for the purposes that the company has informed you of for collection, but you wish the company to continue retaining that information to exercise your legal rights.
6.3.4 During the period when the company is demonstrating to you the legal justifiability of collecting, using, or disclosing your personal data or verifying the necessity of collecting, using, or disclosing your personal data for the public interest, arising from your exercise of the right to object to the collection, use, or disclosure of your personal data.
6.4 Right to object to the collection, use, or disclosure of your personal data, unless the company has legal grounds to reject your request (such as when the company can demonstrate that the collection, use, or disclosure of your personal data is legally justified or for the establishment of legal claims, the exercise or defense of legal rights, or for public interest in the company’s mission).
6.5 Right to request the sending or transfer of personal data. You have the right to request the company to transfer your personal data that you have provided to the company, as required by law.
6.6 Right to withdraw consent. You have the right to withdraw your consent for the processing of personal data that you have previously given to the company, except when the withdrawal of consent is legally justified or when there is a contract that provides benefits to you. As the data owner, the withdrawal of consent will not affect the processing of personal data for which you have previously given consent, as permitted by law.
6.7 Right to request deletion or destruction of personal data. You have the right to request the company to delete or destroy your personal data or make it unidentifiable in accordance with the law.
6.8 Right to be informed in case of changes to the notified personal data. The company may consider reviewing and making changes to this notification as deemed appropriate. This is done periodically to ensure that your personal data is adequately protected.
6.9 Right to lodge a complaint. You have the right to lodge a complaint with the authorized personnel under the Personal Data Protection Act of 2019 if the company violates or fails to comply with the aforementioned Act.
In the event that the data subject submits a request to exercise their rights under the Personal Data Protection Act of 2019, once the company receives such a request, it will process it within the time frame stipulated by law. Additionally, the company reserves the right to reject or not process the request in cases where the law allows. If the data subject chooses to provide only specific personal data, it may result in the inability to receive full services from the company. Furthermore, the company may not be able to collaborate or provide any services to the data subject if they do not consent to providing the required information. Data subjects can exercise these rights by submitting a request to the group of companies in writing or via email (E-Mail) using the form provided by the company. The form can be downloaded from the website: www.gpmobility.co.th and submitted through the ‘Contact the Company’ channel in section 11. The company will consider and notify the data subject of the results of the request within 30 days from the date of receiving the request.
7. Duration of Personal Data Retention
7.1 For job applicants who are not appointed as employees, no data will be retained, and all relevant information will be disposed of in accordance with applicable regulations and/or appropriate procedures.
7.2 For employees, the data will be retained throughout the employment period and will be kept for an additional 10 years from the end of the employment contract. After this period, the company will delete and destroy personal data when it is no longer necessary. However, in cases of disputes or legal proceedings related to your job application or employment contract, the company reserves the right to retain the data until the resolution of the dispute or until a final judgment is issued.
8. Personal Data Security Measures
The company has implemented measures to ensure the security of your personal data, both technically and in terms of management, to prevent data loss or unauthorized access, destruction, use, alteration, modification, or disclosure of personal data without permission. These measures align with the company’s Information Security Policy.
Additionally, the company has established a Privacy Policy, publicly communicated throughout the organization, outlining practices to ensure the confidentiality, integrity, and availability of personal data. The company regularly reviews and updates these policies, including the disclosure of this notice, as deemed appropriate.
9. Data Protection Officer
The company has complied with the Personal Data Protection Act B.E. 2562 by appointing a Data Protection Officer (DPO) to oversee the company’s activities related to the collection, usage, and disclosure of personal data, ensuring compliance with the Personal Data Protection Act B.E. 2562, as well as relevant laws governing the protection of personal data.
10. Data Controller
The company has adhered to the Personal Data Protection Act B.E. 2562 by appointing a Data Controller responsible for making decisions regarding the collection, usage, and disclosure of personal data, ensuring compliance with the Personal Data Protection Act B.E. 2562, as well as relevant laws governing the protection of personal data.
11. Owner’s Participation
The company may disclose your personal data upon receiving a request from you, your authorized representatives, heirs, legal representatives, guardians, or legal agents. Requests can be submitted via email: info@gpmobility.co.th or by phone at 02-108-1222.
In the event that you, your authorized representatives, heirs, legal representatives, guardians, or legal agents object to the data collection, accuracy, or any actions, such as requesting corrections to personal data, the company will document evidence of such objections.
It should be noted that the company may reject the rights outlined in this clause in cases where it is mandated by law or if your personal data has been rendered anonymous and cannot be readily identified.
12. Access to Personal Data
The company has designated employees, officials, and specifically authorized individuals with responsibilities related to the collection, usage, and disclosure of personal data in this processing activity. Only these individuals will have access to your personal data. The organization will ensure that these employees and individuals strictly adhere to this policy.
13. Amendment of Privacy Statement
The company may consider revising, modifying, or changing this statement as deemed appropriate. Any such changes will be announced through the company’s website (www.gpmobility.co.th), with the latest version’s date specified at the end. However, the company recommends regularly checking for updates, especially before disclosing personal information. Your job application is considered acceptance of the terms of this statement. Please refrain from submitting job applications or contacting the HR department if you do not agree with the terms in this statement. Otherwise, the company will assume that you are aware of and accept the changes to the statement.
14. Contact Information
You can inquire about this statement by contacting the Data Protection Officer (DPO): Ms.Phanchita Bunluesup
GP mobility public company limited.
Contact Address: 2 Soi Vibhavadi Rangsit 50,Vibhavadi Rangsit Rd., Ladyao, Chatuchak, Bangkok, 10900
Contact Channels: Email: DPO@gpmobility.co.th or Phone: 02-108-1222